Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\secver] 'Start' = '00000002' (значение Start = 2 означает автоматический запуск службы secver при загрузке системы)
- '<DRIVERS>\etc\secver.exe'
- '<SYSTEM32>\winlogon.exe' 12143
- '<SYSTEM32>\cmd.exe' /c %TEMP%\ELAOMQ.bat
- <SYSTEM32>\winlogon.exe
- %TEMP%\ELAOMQ.bat
- <DRIVERS>\etc\secver.exe
- '12###.rhelper.com':2800
- DNS ASK 12###.rhelper.com (DNS-запрос; символы «#» недопустимы в имени хоста, то есть часть имени в описании замаскирована)
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)