Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\DBKDRVR54] 'ImagePath' = '<SYSTEM32>\Process kill drive FE.sys'
- NtQuerySystemInformation, handler driver: Process kill drive FE.sys
- <SYSTEM32>\Process kill drive FE.sys
- %TEMP%\huanying.mp3
- %TEMP%\ok.mp3
- %TEMP%\sorry.mp3
- <SYSTEM32>\Process kill drive FE.sys
- 'ar####e.apnic.net':80
- 'localhost':1039
- 'ui.###ogin2.qq.com':80
- http://ar####e.apnic.net/templates/ipv6man/?id##################
- http://ui.###ogin2.qq.com/cgi-bin/login?ap#########################################################################################
- DNS ASK ar####e.apnic.net
- DNS ASK ui.###ogin2.qq.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''