Техническая информация
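- [<HKLM>\SYSTEM\ControlSet001\Services\Ф¶іМ№ЬАн] 'Start' = '00000002'
  (Значение 'Start' = 2 соответствует автоматическому запуску службы. Имя службы, по-видимому, представляет собой байты GBK, отображённые в кодировке Windows-1251; в GBK та же последовательность байтов читается как «远程管理» («удалённое управление»), поэтому на системах с другой ANSI-кодировкой имя ключа будет выглядеть иначе.)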
- %WINDIR%\helpen.exe
- %TEMP%\30031.exe
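- <SYSTEM32>\sc.exe Create "Ф¶іМ№ЬАн" binPath= "cmd /c start %WINDIR%\helpen" type= own type= interact start= auto
  (Имя службы здесь, по-видимому, записано байтами GBK, показанными в кодировке Windows-1251 (в GBK — «远程管理»); при поиске по журналам создания процессов надёжнее ориентироваться на значение binPath и параметр start= auto, чем на отображаемое имя службы.)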
- <SYSTEM32>\ping.exe -n 6 127.0.0.1
- <SYSTEM32>\cmd.exe /c %TEMP%\xytp.bat
- %WINDIR%\helpen.exe
- %TEMP%\xytp.bat
- %WINDIR%\xiaoyu.log
- %TEMP%\30031.exe
- %TEMP%\xiaoyu.log
- %TEMP%\30031.exe
- 'li#####19967.3322.org':7000
- DNS ASK li#####19967.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'xiaoyu1949'