Техническая информация
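- [<HKLM>\SYSTEM\ControlSet001\Services\BFCFLPkcU] 'Start' = '00000001' (значение 1 — SERVICE_SYSTEM_START: драйвер загружается при инициализации системы, то есть запись обеспечивает автозапуск)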
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- <SYSTEM32>\BFCFLPkcU.sys
- <SYSTEM32>\kdpay.dll
- <DRIVERS>\yhplayers.sys
- <SYSTEM32>\8C05qHxOu.sys
- %TEMP%\2932vZv18.tmp
- <SYSTEM32>\8C05qHxOu.systmp
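- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP (этот и предыдущий файл, по-видимому, созданы штатной утилитой wmiadap.exe и сами по себе не являются надёжным признаком заражения)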
- <DRIVERS>\yhplayers.sys
- %TEMP%\2932vZv18.tmp
- <SYSTEM32>\8C05qHxOu.sys
- из <SYSTEM32>\8C05qHxOu.systmp в <SYSTEM32>\8C05qHxOu.sys
- 'localhost':1040
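- 'my.##years.com':80 (символы # здесь и ниже, по-видимому, скрывают часть адреса в исходном отчёте и не входят в реальное имя хоста)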
- 't.##.com':80
- 'yu#######nsuqi.b0.upaiyun.com':80
- my.##years.com/list.rar
- my.##years.com/updata.php?t=#######
- t.##.com/sddosas/mine
- yu#######nsuqi.b0.upaiyun.com/yuzhou.txt
- DNS ASK my.##years.com
- DNS ASK yu#######nsuqi.b0.upaiyun.com
- DNS ASK t.##.com