Техническая информация
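- [<HKLM>\System\CurrentControlSet\Services\ialdnwxf] 'ImagePath' = '<SYSTEM32>\ec5uZNM.sys'
- [<HKLM>\System\CurrentControlSet\Services\ialdnwxf] 'ImagePath' = '<SYSTEM32>\ecPXgw8.sys'
  Примечание: для одной и той же службы приведены два разных значения ImagePath; имена .sys-файлов (а возможно, и имя службы) выглядят случайно сгенерированными — это предположение, требующее проверки. При поиске следов надёжнее опираться не на конкретное имя файла, а на сочетание признаков: запись службы с ImagePath на .sys-файл такого вида и каталог %TEMP%\e_n4.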
- %TEMP%\e_n4\krnln.fnr
- %TEMP%\e_n4\iext.fnr
- %TEMP%\e_n4\xplib.fne
- %TEMP%\e_n4\eapi.fne
- %TEMP%\e_n4\enetintercept.fne
- %TEMP%\e_n4\pbshell.fne
- %TEMP%\e_n4\htmlview.fne
- %TEMP%\e_n4\internet.fne
- %WINDIR%\syswow64\ec5uznm.sys
- %WINDIR%\syswow64\ecpxgw8.sys
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020020420200205\index.dat
- %WINDIR%\syswow64\ec5uznm.sys
- %WINDIR%\syswow64\ecpxgw8.sys
- http://www.qu##ing.tk/ad/ad1.html
- http://www.73##.com/sb.htm
- http://www.73##.com/ty.htm
- http://www.73##.com/gengxin.htm
- http://do###n.dot.tk/p/?d=#################################################################
- http://fr###om.link/?k=#####################
- http://www.fr###om.link/en/index.html?la#####
- http://www.fr###om.link/css/lander.css
- http://ma####.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css
- DNS ASK 73##.com
- DNS ASK qu##ing.tk
- DNS ASK do###n.dot.tk
- DNS ASK fr###om.link
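- DNS ASK ma####.bootstrapcdn.com
- DNS ASK fo###.#oogleapis.com
- DNS ASK co##.jquery.com
  Примечание: bootstrapcdn.com, jquery.com и, по-видимому, googleapis.com — общедоступные CDN. Судя по запросу font-awesome.min.css выше, они, вероятно, подгружаются как ресурсы открываемой страницы. Сами по себе эти имена — слабые индикаторы, а их блокировка затронет легитимный трафик.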
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''