Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Prsionalqlc] 'Start' = '00000002'
- '%TEMP%\setupa.exe'
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\hfblddel.bat" "
- %CommonProgramFiles%\svchost.exe
- <SYSTEM32>\hfblddel.bat
- %TEMP%\setupa.exe
- %CommonProgramFiles%\svchost.exe
- 'he###.gb868.com':7788
- DNS ASK he###.gb868.com