Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '293erci.exe' = '<SYSTEM32>\\293erci.exe'
- <SYSTEM32>\293_8336_3312790.exe
- <SYSTEM32>\293_8336_3312790.exe (downloaded from the Internet)
- <SYSTEM32>\293erci.exe
- <SYSTEM32>\293_8336_3312790.exe
- 'ba##.#zone.qq.com':80
- 'd2.#oo8.com':80
- ba##.#zone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui##################
- ba##.#zone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui#################
- d2.#oo8.com/293/293_8336_3312790.exe
- ba##.#zone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui###################
- DNS ASK ba##.#zone.qq.com
- DNS ASK d2.#oo8.com