Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Remote Shell Service] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы при загрузке системы)
- %WINDIR%\helpen.exe
- %TEMP%\xiaoyu.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- %WINDIR%\helpen.exe
- <SYSTEM32>\soft.ini
- %WINDIR%\soft.ini
- %TEMP%\xiaoyu.exe
- %TEMP%\soft.ini
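- 'ha###r.9170.org':8088 (символы ###, по-видимому, заменяют скрытую часть имени домена; в таком виде строка не является точным индикатором)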
- DNS ASK ha###r.9170.org
- ClassName: 'Shell_TrayWnd' WindowName: ''