Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\60C473EB] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\60C473EB] 'ImagePath' = 'system32\60C473EB.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\AppMgmt] 'Start' = '00000002'
- <SYSTEM32>\appmgmts.dll
- %TEMP%\HELPCTR.EXE
- %TEMP%\MSIMG32.dll
- <SYSTEM32>\60C473EB.sys
- %TEMP%\0bd87a27.bat
- %TEMP%\MSIMG32.dll
- %TEMP%\HELPCTR.EXE
- <Full path to file>
- 'le##en.com':80
- http://www.le##en.com/TEL/JTV_A.EXE via le##en.com
- DNS ASK www.ba##u.com
- DNS ASK www.le##en.com
- '%TEMP%\HELPCTR.EXE' -FromStartHelp
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\0bd87a27.bat" "