Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\52482421] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\52482421] 'ImagePath' = 'system32\52482421.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\AppMgmt] 'Start' = '00000002'
- <SYSTEM32>\appmgmts.dll
- %TEMP%\HELPCTR.EXE
- %TEMP%\MSIMG32.dll
- <SYSTEM32>\52482421.sys
- %TEMP%\46086c1f.bat
- %TEMP%\MSIMG32.dll
- %TEMP%\HELPCTR.EXE
- <Полный путь к файлу>
- 'le##en.com':80
- http://www.le##en.com/os/ace.exe via le##en.com
- DNS ASK www.ba##u.com
- DNS ASK www.le##en.com
- '%TEMP%\HELPCTR.EXE' -FromStartHelp
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\46086c1f.bat" "