Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\hyf55] 'ImagePath' = '%TEMP%\9ycotox.sys'
- 'hyf55' %TEMP%\9ycotox.sys
- %TEMP%\9ycotox.sys
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020092620200927\index.dat
- %TEMP%\9ycotox.sys
- %TEMP%\9ycotox.sys
- http://mo######521.blog.163.com/blog/static/27250327320174622243849/
- http://bl##.163.com/login.do?er#####
- http://b.###.126.net/style/common/error/404.css
- http://b.###.126.net/style/common/error/images/sprite-404.png
- http://b.###.126.net/style/common/error/images/newtip/nologin.png
- http://www.mo###xie.win/cansu521.txt
- http://www.mo###xie.win/aes.js
- http://www.mo###xie.win/cansu521.txt?i=#
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK mo######521.blog.163.com
- DNS ASK bl##.163.com
- DNS ASK b.###.126.net
- DNS ASK mo###xie.win
- DNS ASK ba##u.com
- DNS ASK microsoft.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''