Техническая информация
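- [<HKLM>\System\CurrentControlSet\Services\hyf55] 'ImagePath' = '%TEMP%\kZlyiRS.sys' — параметр реестра службы 'hyf55'; её образ (файл с расширением .sys) расположен во временном каталоге %TEMP%, что нетипично для служб и драйверов и может служить признаком для обнаружения
- 'hyf55' %TEMP%\kZlyiRS.sys — имя службы и путь к её файлу (тот же, что в 'ImagePath'; далее в списке этот файл записан в нижнем регистре как kzlyirs.sys)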
- %WINDIR%\syswow64\svchost.exe
- %WINDIR%\syswow64\dult.dll
- %TEMP%\95b9.tmp
- %TEMP%\9608.tmp
- %TEMP%\9648.tmp
- %TEMP%\kzlyirs.sys
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012022081020220811\index.dat
- %TEMP%\kzlyirs.sys
- %TEMP%\95b9.tmp
- %TEMP%\9608.tmp
- %TEMP%\9648.tmp
- %TEMP%\kzlyirs.sys
- 'mo######521.blog.163.com':80
- 'mo###xie.win':80
- 'b.###.126.net':80
- 'ba##u.com':443
- http://mo######521.blog.163.com/blog/static/27250327320174622243849/
- http://bl##.163.com/login.do?er#####
- http://www.mo###xie.win/cansu521.txt
- http://b.###.126.net/style/common/error/404.css
- http://b.###.126.net/style/common/error/images/sprite-404.png
- http://b.###.126.net/style/common/error/images/newtip/nologin.png
- 'ba##u.com':443
- DNS ASK mo######521.blog.163.com
- DNS ASK bl##.163.com
- DNS ASK b.###.126.net
- DNS ASK mo###xie.win
- DNS ASK ba##u.com
- ClassName: 'ENewFrame' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\svchost.exe'