Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\Wsvjae ppvozuvo] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Wsvjae ppvozuvo] 'ImagePath' = '%ProgramFiles(x86)%\Microsoft Occkwc\Kibzquu.exe'
- 'Wsvjae ppvozuvo' %ProgramFiles(x86)%\Microsoft Occkwc\Kibzquu.exe
- %ProgramFiles%\apppatch\netsyst96.dll
- %ProgramFiles(x86)%\microsoft occkwc\kibzquu.exe
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\fa0a17bc17ff10008872a7205d0d43e2_5fe90e28a5c4f66460b6a36ecff82c5e
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\fa0a17bc17ff10008872a7205d0d43e2_5fe90e28a5c4f66460b6a36ecff82c5e
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\9d161b3cd7c8b9d7b5c97e4395a9abd5_557dae88cafc73c1280cbc72a453bdbd
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\9d161b3cd7c8b9d7b5c97e4395a9abd5_557dae88cafc73c1280cbc72a453bdbd
- 'a2####2.f3322.net':80
- 'a2####2.f3322.net':2222
- 'us###.qzone.qq.com':80
- 'us###.qzone.qq.com':443
- 'oc##.dcocsp.cn':80
- http://10#.#2.34.103/NetSyst96.dll
- http://oc##.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEArIzKqFYmE3jrS4gQrE3QI%3D
- 'us###.qzone.qq.com':443
- DNS ASK a2####2.f3322.net
- DNS ASK us###.qzone.qq.com
- DNS ASK oc##.dcocsp.cn
- '%ProgramFiles(x86)%\microsoft occkwc\kibzquu.exe'