Technical information
- <SYSTEM32>\func.dll
- %LOCALAPPDATA%\microsoft\internet explorer\domstore\p4p79gg0\www.hugedomains[1].xml
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020020620200207\index.dat
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- http://www.ch###koxp.com/tanitim/
- http://www.ch###koxp.com/
- http://www.ch###koxp.com/indir/
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://oc##.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- DNS ASK ch###koxp.com
- DNS ASK fo####asset.info
- DNS ASK hu###omains.com
- DNS ASK st####.hugedomains.com
- DNS ASK ss#.####le-analytics.com
- DNS ASK c.####counter.com
- DNS ASK st###.#.doubleclick.net
- DNS ASK oc##.thawte.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '<SYSTEM32>\regsvr32.exe' <SYSTEM32>\func.dll' (with hidden window)
- '<SYSTEM32>\regsvr32.exe' <SYSTEM32>\func.dll