Technical information
- [<HKLM>\System\CurrentControlSet\Services\Wskdif imxtpzxx] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Wskdif imxtpzxx] 'ImagePath' = '%WINDIR%\Mkmgcsi.exe'
- 'Wskdif imxtpzxx' %WINDIR%\Mkmgcsi.exe
- %WINDIR%\mkmgcsi.exe
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\fa0a17bc17ff10008872a7205d0d43e2_5fe90e28a5c4f66460b6a36ecff82c5e
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\fa0a17bc17ff10008872a7205d0d43e2_5fe90e28a5c4f66460b6a36ecff82c5e
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\9d161b3cd7c8b9d7b5c97e4395a9abd5_557dae88cafc73c1280cbc72a453bdbd
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\9d161b3cd7c8b9d7b5c97e4395a9abd5_557dae88cafc73c1280cbc72a453bdbd
- '58.##.246.104':2014
- http://us###.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui############
- http://oc##.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D
- http://oc##.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEArIzKqFYmE3jrS4gQrE3QI%3D
- DNS ASK us###.qzone.qq.com
- DNS ASK oc##.dcocsp.cn
- '%WINDIR%\mkmgcsi.exe'
- '%WINDIR%\mkmgcsi.exe' Win7