Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wmspl' = 'rundll32.exe "%TEMP%\wmspl.dll",LoadBitmapList'
- '<SYSTEM32>\rundll32.exe' "%TEMP%\wmspl.dll",SHMultiply6
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\id=AQARAAEAugkCAAEFBhcAAAAAAAAAAAAAAAAAAABBDAMaCwAAAJKu8obhEWZ4rLhtgiZvmW8AAFVVVVVVVVVVVVVVVVVVVVWiXdMB6EU-lsPwAQBWVFFcXlNCWH9nd3RrZ3h...
- %TEMP%\wmspl.dll
- '12#####.midifilehosting.com':80
- http://12#####.midifilehosting.com/file/id=AQARAAEAugkCAAEFBhcAAAAAAAAAAAAAAAAAAABBDAMaCwAAAJKu8obhEWZ4rLhtgiZvmW8AAFVVVVVVVVVVVVVVVVVVVVWiXdMB6EU-lsPwAQBWVFFcXlNCWH9nd3RrZ3hqegYBAjRW&rt=AAAAAA...
- DNS ASK 12#####.midifilehosting.com