Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SQLServer] 'ImagePath' = '<SYSTEM32>\SQLServer.sys'
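- [<HKLM>\SYSTEM\ControlSet001\Services\SQLServer] 'Start' = '00000001' (значение 1 соответствует SERVICE_SYSTEM_START: драйвер загружается на раннем этапе запуска системы; имя службы похоже на название легитимного продукта, хотя 'ImagePath' указывает на .sys-файл драйвера — по-видимому, это маскировка, которую стоит учитывать при проверке служб)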
- [<HKLM>\SYSTEM\ControlSet001\Services\speed_change_010] 'ImagePath' = '<DRIVERS>\yhplayers.sys'
- <SYSTEM32>\SQLServer.sys
- <DRIVERS>\yhplayers.sys
- <DRIVERS>\yhplayers.sys
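- 'yu#######nsuqi.b0.upaiyun.com':80 (здесь и ниже символы '#' в именах хостов, по-видимому, заменяют символы, скрытые источником; такие строки нельзя использовать как точные индикаторы при блокировке или поиске в журналах — только как шаблон для сопоставления)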
- 'localhost':1039
- 'yu####.yuzhoupk.com':80
- 'my.##years.com':80
- http://yu#######nsuqi.b0.upaiyun.com/yuzhou.txt
- http://yu####.yuzhoupk.com/
- http://my.##years.com/list.rar
- DNS ASK yu#######nsuqi.b0.upaiyun.com
- DNS ASK yu####.yuzhoupk.com
- DNS ASK my.##years.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''