Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\.Net CLR] 'Start' = '00000002'
- '<SYSTEM32>\hjco.exe'
- <SYSTEM32>\yy.exe
- <SYSTEM32>\hjco.exe
- <Текущая директория>\yy.exe
- 'ba##.#zone.qq.com':80
- ba##.#zone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui#######################
- DNS ASK ba##.#zone.qq.com