Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Wmycc sixgrcjx] 'ImagePath' = '%WINDIR%\lsasa.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Wmycc sixgrcjx] 'Start' = '00000002'
- '%WINDIR%\lsasa.exe'
- %WINDIR%\lsasa.exe
- 'us###.qzone.qq.com':80
- 'b1###.meibu.net':9926
- http://us###.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui###########
- DNS ASK us###.qzone.qq.com
- DNS ASK b1###.meibu.net