Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ssmss' = '<SYSTEM32>\ssmss.exe'
- %TEMP%\ssmss.exe
- %TEMP%\Setup.exe
- %TEMP%\aut2.tmp
- %TEMP%\$inst\7.tmp
- %TEMP%\ssmss.exe
- <SYSTEM32>\size0001.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\static[1].txt
- %TEMP%\Setup.exe
- %TEMP%\aut1.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\5.tmp
- %TEMP%\$inst\4.tmp
- <SYSTEM32>\size0001.txt
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- 'bi#####us.wtcsites.com':80
- bi#####us.wtcsites.com/data/world7/static.txt
- DNS ASK bi#####us.wtcsites.com
- ClassName: 'Shell_TrayWnd' WindowName: ''