Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\wscsvcmgou] 'ImagePath' = '%ALLUSERSPROFILE%\Application Data\Logs\czmgqi.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\wscsvcmgou] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k netsvcs
- <SYSTEM32>\svchost.exe
- %ALLUSERSPROFILE%\Application Data\Logs\czmgqi.exe
- %ALLUSERSPROFILE%\Application Data\Logs\czmgqi.exe
- '95.#6.99.86':80
- http://95.#6.99.86/3ohvki98aaasarj9ymiymieeeeew5.php