Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\apr6yowy] 'ImagePath' = '%WINDIR%\apr6yowy.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\apr6yowy] 'Start' = '00000001'
- 'C:\a434_w3490099.exe' (загружен из сети Интернет)
- 'C:\a434_w3490099.exe'
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'OLLYDBG', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- %WINDIR%\SSL\Sample CA 2.cer
- C:\a434_w3490099.exe
- %WINDIR%\SSL\cert.db
- %WINDIR%\apr6yowy.sys
- %WINDIR%\yyqg.dll
- %WINDIR%\apr6yowy.sys
- 'dl.#kiki.cn':80
- 'h.##m.cc':7518
- 'www.11#1.la':80
- 'localhost':1041
- http://dl.#kiki.cn/dl/bdqxwmt/a434_w3490099.exe
- http://www.11#1.la/gx/fzgx.txt
- DNS ASK h.##m.cc
- DNS ASK dl.#kiki.cn
- DNS ASK www.11#1.la
- ClassName: 'Shell_TrayWnd', WindowName: ''
- ClassName: '18467-41', WindowName: ''