Техническая информация
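- [<HKLM>\SYSTEM\ControlSet001\Services\Ф¶іМ№ЬАн] 'Start' = '00000002' (имя службы здесь — байты D4 B6 B3 CC B9 DC C0 ED, отображённые в кодировке Windows-1251; в GBK это «远程管理», то есть «удалённое управление», поэтому при поиске по имени службы сверяйте байты, а не отображаемую строку; Start = 2 означает автоматический запуск)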
- '%WINDIR%\helpen.exe'
- '%TEMP%\9300.exe'
- '<SYSTEM32>\sc.exe' Create "Ф¶іМ№ЬАн" binPath= "cmd /c start %WINDIR%\helpen" type= own type= interact start= auto
- '<SYSTEM32>\ping.exe' -n 6 127.0.0.1
- '<SYSTEM32>\cmd.exe' /c %TEMP%\xytp.bat
- %WINDIR%\helpen.exe
- %TEMP%\xytp.bat
- %WINDIR%\setup.log
- %TEMP%\9300.exe
- %TEMP%\setup.log
- %TEMP%\9300.exe
- 'zk####47.3322.org':6688
- DNS ASK zk####47.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '54zxdxiaoyu12938'