Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Pqrstu Wxyabcde Ghi] 'Start' = '00000002'
- <SYSTEM32>\rundll32.exe %TEMP%\\2489052.dll,Install
- <SYSTEM32>\svchost.exe -k "Pqrstu Wxyabcde Ghi"
- %WINDIR%\213267.dll
- %WINDIR%\208408.dll
- %TEMP%\2489052.dll
- <SYSTEM32>\wbem\Logs\wbemess.lo_
- 'wa#####014.gnway.net':6014
- DNS ASK wa#####014.gnway.net