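Техническая информация
Примечание: подписи разделов исходного отчёта в этом тексте не сохранились, поэтому тип каждой записи (процесс, файл, сетевой адрес, окно) виден только по её форме, а повторяющиеся пути, вероятно, относятся к разным разделам. Символы «#» в именах хостов, по всей видимости, скрывают часть имени, поэтому эти строки нельзя использовать как точные индикаторы для сопоставления. <SYSTEM32>, <LS_APPDATA>, %WINDIR% и %HOMEPATH% — обозначения системных каталогов, а не буквальные пути.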
- '<SYSTEM32>\DllHost.exe' /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
- '<SYSTEM32>\services.exe'
- <SYSTEM32>\services.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\aa[1].htm
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\bb[1].htm
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\168[1].htm
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOXZEUJX\index2[1].htm
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOWDBRP7\index8[1].htm
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\cc[1].htm
- %WINDIR%\Internet Explorer.exe
- <SYSTEM32>\PastYLywi.sys
- %HOMEPATH%\Desktop\Internet Explorer.lnk
- <SYSTEM32>\PastGzrBi.sys
- %HOMEPATH%\Desktop\Internet Explorer.lnk
- %WINDIR%\Internet Explorer.exe
- <SYSTEM32>\PastYLywi.sys
- <SYSTEM32>\PastGzrBi.sys
- 'www.br###y168.com':80
- 'cf##n.com':80
- 'localhost':63744
- www.br###y168.com/index8.htm
- www.br###y168.com/168.htm
- www.br###y168.com/index2.htm
- cf##n.com/cc.htm
- cf##n.com/bb.htm
- cf##n.com/aa.htm
- DNS ASK www.br###y168.com
- DNS ASK cf##n.com
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''