Техническая информация
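- [<HKLM>\SYSTEM\ControlSet001\Services\MDH] 'Start' = '00000002' (значение Start = 2 — автоматический запуск службы при загрузке системы, то есть служба MDH используется для закрепления в системе)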
- '%WINDIR%\dwmhelper.exe' a
- '%WINDIR%\dwmhelper.exe' s
- '<SYSTEM32>\sc.exe' start MDH
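- '<SYSTEM32>\sc.exe' create MDH binPath= "%WINDIR%\dwmhelper.exe s" DisplayName= "MDH" start= auto (регистрирует службу MDH с автозапуском, которая запускает dwmhelper.exe с параметром s; для обнаружения стоит отслеживать создание служб, чей binPath указывает на исполняемый файл непосредственно в %WINDIR%)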
- '<SYSTEM32>\taskkill.exe' /f /im dwmhelper.exe
- %WINDIR%\nLog.txt
- %WINDIR%\dwmhelper.exe
- %WINDIR%\MDH.dll
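- 'au###.aeroadmin.com':80 (символы ### здесь и в записях ниже, по-видимому, маскируют часть имени узла; для блокировки или поиска по журналам требуется полное имя из исходного отчёта)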
- 'au###.aeroadmin.com':8080
- 'au###.aeroadmin.com':443
- DNS ASK pa###bin.com
- DNS ASK au###.aeroadmin.com
- 'au###.aeroadmin.com':0
- ClassName: '' WindowName: ''