Техническая информация (Technical information: autostart entries, dropped files, network indicators and observed process launches)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'CoreShell' = '{EF7652A4-98EF-5031-226B-11456C96A7EA}' (persistence: an object registered under ShellServiceObjectDelayLoad is loaded by the Windows shell at logon; the CLSID should be checked for a matching InprocServer32 entry pointing at %CommonProgramFiles%\System\coreshell.dll)
- %WINDIR%\B732F5BF-65BB-4746-AED1-D52F64D5244E.exe
- %WINDIR%\83D2CDE2-8311-40CB-B51D-EBE20FA803D1.dll
- %CommonProgramFiles%\System\coreshell.dll
- %WINDIR%\ose00000.exe
- %TEMP%\zdg6EF885E2.tmp
- %TEMP%\zdg6EF885E2.tmp
- 'ad###incorp.com':80 (domain partially masked in the report; plaintext HTTP on port 80)
- http://ad###incorp.com/webhp?re################################################################# (request path and query masked in the report)
- DNS ASK ad###incorp.com
- '%WINDIR%\B732F5BF-65BB-4746-AED1-D52F64D5244E.exe'
- '%WINDIR%\ose00000.exe' "%WINDIR%\83D2CDE2-8311-40CB-B51D-EBE20FA803D1.dll" "<Полный путь к файлу>"
- '<SYSTEM32>\rundll32.exe' "%WINDIR%\83D2CDE2-8311-40CB-B51D-EBE20FA803D1.dll",init (the dropped DLL is executed via rundll32 by calling its exported function `init`)