Technical information
- [<HKLM>\System\CurrentControlSet\Services\B1MQ] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\B1MQ] 'ImagePath' = '<DRIVERS>\B1MQ.sys'
- %TEMP%\y175vn.dat
- <DRIVERS>\b1mq.sys
- '%TEMP%\y175vn.dat'
- '%WINDIR%\syswow64\nslookup.exe' -qt=TXT 86c17a5fb4795aef.bbyyjy.com 114.114.114.114 (with hidden window)
- '%TEMP%\y175vn.dat' (with hidden window)
- '%WINDIR%\syswow64\nslookup.exe' -qt=TXT 86c17a5fb4795aef.bbyyjy.com 114.114.114.114