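Техническая информация
Примечание: заголовки разделов исходного отчёта в этом фрагменте не сохранились, поэтому записи ниже идут сплошным списком: ключ реестра и имя сервиса, пути к файлам, URL, DNS-запросы, классы окон. Повторяющиеся пути (например, %TEMP%\hduc6fb.sys), вероятно, относятся к разным разделам отчёта; какое действие выполнялось с каждым объектом, по этому фрагменту установить нельзя. Символы # в URL и доменных именах, по-видимому, являются маскировкой, присутствующей в самом источнике.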
- [<HKLM>\System\CurrentControlSet\Services\hyf55] 'ImagePath' = '%TEMP%\hdUc6fb.sys'
- 'hyf55' %TEMP%\hdUc6fb.sys
- %WINDIR%\syswow64\ctfmon.exe
- %TEMP%\104ae4.tmp
- %TEMP%\104c5c.tmp
- %TEMP%\104d56.tmp
- %TEMP%\hduc6fb.sys
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020092620200927\index.dat
- %TEMP%\hduc6fb.sys
- %TEMP%\104ae4.tmp
- %TEMP%\104c5c.tmp
- %TEMP%\104d56.tmp
- %TEMP%\hduc6fb.sys
- http://mo######521.blog.163.com/blog/static/27250327320174622243849/
- http://bl##.163.com/login.do?er#####
- http://b.###.126.net/style/common/error/404.css
- http://b.###.126.net/style/common/error/images/sprite-404.png
- http://b.###.126.net/style/common/error/images/newtip/nologin.png
- http://www.mo###xie.win/cansu521.txt
- http://www.mo###xie.win/aes.js
- http://www.mo###xie.win/cansu521.txt?i=#
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK mo######521.blog.163.com
- DNS ASK bl##.163.com
- DNS ASK b.###.126.net
- DNS ASK mo###xie.win
- DNS ASK ba##u.com
- DNS ASK microsoft.com
- ClassName: 'ENewFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\ctfmon.exe'