Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\360 system manage Control!] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\360 system manage Control!] 'ImagePath' = '%WINDIR%\Help\svchost.exe'
- %TEMP%\~ZY1.tmp
- %TEMP%\40158374.tmp
- %TEMP%\~ZY1.tmp
- from %TEMP%\40158374.tmp to %WINDIR%\Help\svchost.exe
- 'sm###0.3322.org':82
- DNS ASK sm###0.3322.org
- '%TEMP%\~ZY1.tmp'
- '%WINDIR%\Help\svchost.exe'