Техническая информация
- <SYSTEM32>\sys\smss.exe
- <SYSTEM32>\sys\smss.exe (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c ""%TEMP%\ECZ1.bat" "
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations /v LowRiskFileTypes /t REG_SZ /d .exe /f
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe'
- %TEMP%\ECZ1.bat
- <SYSTEM32>\sys\001
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\helpicon[1].gif
- '20#.#30.189.133':80
- 20#.#30.189.133/images/helpicon.gif
- ClassName: 'MS_WINHELP' WindowName: ''