Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\17F2bbpPE] 'Start' = '00000001'
- NtSetValueKey, handler driver: 17F2bbpPE.sys
- <SYSTEM32>\17F2bbpPE.sys
- <DRIVERS>\yhplayers.sys
- <SYSTEM32>\6B5CuvcyV.systmp
- <SYSTEM32>\6B5CuvcyV.sys
- %TEMP%\42DAwZ0Ij.tmp
- <DRIVERS>\yhplayers.sys
- <SYSTEM32>\6B5CuvcyV.sys
- %TEMP%\42DAwZ0Ij.tmp
- <SYSTEM32>\6B5CuvcyV.systmp to <SYSTEM32>\6B5CuvcyV.sys
- 'localhost':1040
- 'yu#######nsuqi.b0.upaiyun.com':80
- 't.##.com':80
- yu#######nsuqi.b0.upaiyun.com/yuzhou.txt
- t.##.com/sddosas/mine
- DNS ASK my.##years.com
- DNS ASK yu#######nsuqi.b0.upaiyun.com
- DNS ASK t.##.com