Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\HeheHeroifj] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k netsvcs
- %WINDIR%\hehehero.txt
- %WINDIR%\hehehero.reg
- %PROGRAM_FILES%\he115671ro.hero
- %PROGRAM_FILES%\he111093ro.hero
- %WINDIR%\heheheroI.ini
- %WINDIR%\heheheroI.ini
- %WINDIR%\hehehero.reg
- %WINDIR%\hehehero.txt
- 'he####ro.3322.org':1420
- DNS ASK he####ro.3322.org