Technical information
- [<HKLM>\System\CurrentControlSet\Services\Microsoft Devices Manag] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Microsoft Devices Manag] 'ImagePath' = '<SYSTEM32>\Microsoft'
- %WINDIR%\syswow64\microsoft
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\fa0a17bc17ff10008872a7205d0d43e2_5fe90e28a5c4f66460b6a36ecff82c5e
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\fa0a17bc17ff10008872a7205d0d43e2_5fe90e28a5c4f66460b6a36ecff82c5e
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\9d161b3cd7c8b9d7b5c97e4395a9abd5_1d73d217c65ff0e3c7f11e1e795eada4
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\9d161b3cd7c8b9d7b5c97e4395a9abd5_1d73d217c65ff0e3c7f11e1e795eada4
- from <Full path to file> to %WINDIR%\syswow64\1043703.bak
- http://us###.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui#########
- http://oc##.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D
- http://oc##.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEAsYwJ5dI0rgVZowXLqb4YQ%3D
- DNS ASK us###.qzone.qq.com
- DNS ASK oc##.dcocsp.cn
- '%WINDIR%\syswow64\microsoft'
- '%WINDIR%\syswow64\microsoft' Win7