Техническая информация
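Записи реестра, регистрирующие драйвер как сервис (значение 'Start' = 1 соответствует запуску при инициализации системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\6a4891e1] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\6a4891e1] 'ImagePath' = '<DRIVERS>\6a4891e1.sys'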
- <DRIVERS>\beep.sys
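Системные функции, для которых обработчиком указан драйвер Beep.SYS (по-видимому, перехват этих функций):
- NtOpenKey, драйвер-обработчик: Beep.SYS
- NtCreateKey, драйвер-обработчик: Beep.SYS
- NtCreateEvent, драйвер-обработчик: Beep.SYS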
- %TEMP%\1.tmp
- %TEMP%\1.tmp
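Сетевые адреса в формате 'узел':порт (часть символов скрыта знаком #; 80 и 25 — стандартные порты HTTP и SMTP):
- 'da####service.asia':80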
- 'da####service.org':80
- '20#.#2.168.191':80
- 'sa#####edinvestors.com':80
- 'in###world.biz':80
- 'in###world.info':80
- '67.##5.160.76':25
- '74.##5.232.51':25
- '74.##5.232.51':80
- 'any':25
- '20#.#6.232.182':25
- 'ma##.aol.com':25
- in###world.info/login.php
- in###world.biz/login.php
- sa#####edinvestors.com/login.php
- 20#.#2.168.191/login.php
- da####service.org/login.php
- da####service.asia/login.php
- DNS ASK da####service.org
- DNS ASK 20#.#2.168.191
- DNS ASK ma##.#icrosoft.com
- DNS ASK da####service.asia
- DNS ASK sa#####edinvestors.com
- DNS ASK in###world.biz
- DNS ASK in###world.info
- DNS ASK ya##o.com
- DNS ASK ma##.google.com
- DNS ASK google.com
- DNS ASK ma##.yahoo.com
- DNS ASK microsoft.com
- DNS ASK ma##.aol.com
- DNS ASK ao#.com