Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '360Safeyh' = '%PROGRAM_FILES%\360safeyh\svchost.exe'
- %PROGRAM_FILES%\360safeyh\svchost.exe
- <SYSTEM32>\cmd.exe /c ""C:\aa.bat" "
- ClassName: 'AIONClientWndClass1.0' WindowName: 'AION Client'
- %PROGRAM_FILES%\360safeyh\svchost.exe
- C:\aa.bat
- C:\aa.bat
- ClassName: 'Edit' WindowName: 'yhzt'
- ClassName: 'Edit' WindowName: 'yhztMM'