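Техническая информация
Индикаторы ниже приведены без заголовков категорий: записи реестра о службе (ImagePath), пути к файлам, URL-адреса, DNS-запросы и имена классов окон. Повторяющиеся пути к файлам, вероятно, относились к разным категориям действий, заголовки которых не сохранились. Символы «##» в доменных именах — по-видимому, маскировка в самом источнике, а не часть имени. ImagePath службы указывает на <SYSTEM32>, а файлы драйверов перечислены в %WINDIR%\syswow64 — вероятно, из-за перенаправления файловой системы WOW64, поэтому при проверке системы стоит смотреть оба каталога.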
- [<HKLM>\System\CurrentControlSet\Services\ialdnwxf] 'ImagePath' = '<SYSTEM32>\ecAhzWQ.sys'
- [<HKLM>\System\CurrentControlSet\Services\ialdnwxf] 'ImagePath' = '<SYSTEM32>\ecLJ298.sys'
- %TEMP%\e_n4\krnln.fnr
- %TEMP%\e_n4\iext.fnr
- %TEMP%\e_n4\xplib.fne
- %TEMP%\e_n4\eapi.fne
- %TEMP%\e_n4\enetintercept.fne
- %TEMP%\e_n4\pbshell.fne
- %TEMP%\e_n4\htmlview.fne
- %TEMP%\e_n4\internet.fne
- %WINDIR%\syswow64\ecahzwq.sys
- %WINDIR%\syswow64\eclj298.sys
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020020420200205\index.dat
- %WINDIR%\syswow64\ecahzwq.sys
- %WINDIR%\syswow64\eclj298.sys
- http://www.qu##ing.tk/ad/ad1.html
- http://www.73##.com/ty.htm
- http://www.73##.com/sb.htm
- http://www.73##.com/gengxin.htm
- DNS ASK 73##.com
- DNS ASK qu##ing.tk
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''