Technical information
- [<HKLM>\System\CurrentControlSet\Services\B1MQ] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\B1MQ] 'ImagePath' = '<DRIVERS>\B1MQ.sys'
- 'B1MQ' <DRIVERS>\B1MQ.sys
- %TEMP%\wp6gra.dat
- <DRIVERS>\b1mq.sys
- '%TEMP%\wp6gra.dat'
- '%WINDIR%\syswow64\nslookup.exe' -qt=TXT 86c17a5fb4795aef.bbyyjy.com 114.114.114.114' (with hidden window)
- '%TEMP%\wp6gra.dat' ' (with hidden window)
- '%WINDIR%\syswow64\nslookup.exe' -qt=TXT 86c17a5fb4795aef.bbyyjy.com 114.114.114.114