Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\dDkPQNOpFl] 'ImagePath' = '<SYSTEM32>\pFS\dDkPQNOpFl.B0X'
- NtQuerySystemInformation, handler driver: dDkPQNOpFl.B0X
- <SYSTEM32>\blib.log
- %TEMP%\BackLib.log
- <SYSTEM32>\pFS\dDkPQNOpFl.B0X
- %HOMEPATH%\Templates\BU424cqt.dll
- %TEMP%\IDLL.log
- 'qq.com':80
- 'bing.com':80
- 'c.##reg.com':5048
- http://www.qq.com/ via qq.com
- http://www.bing.com/ via bing.com
- DNS ASK s.###ec.com.cn
- DNS ASK c.##reg.com
- DNS ASK www.qq.com
- DNS ASK www.bing.com
- 's.###ec.com.cn':5049
- '25#.#55.255.255':9031
- '<SYSTEM32>\rundll32.exe' "%HOMEPATH%\Templates\BU424cqt.dll",InstallHinfSection DefaultInstall 128