Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\QQ] 'Start' = '00000002'
- '<SYSTEM32>\abc.exe'
- '<SYSTEM32>\net1.exe' user haoabc$ /delete
- '<SYSTEM32>\net1.exe' user haoabc$ abc123 /add
- <SYSTEM32>\ozerst.dll
- <SYSTEM32>\abc.exe
- 'iv####er.ys168.com':80
- iv####er.ys168.com/
- DNS ASK iv####er.ys168.com