Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'tcainit' = '<SYSTEM32>\mshtca.exe'
- <SYSTEM32>\mshtca.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\news.microsofthelpa[1]
- 'ne##.##crosofthelpa.net':80
- ne##.##crosofthelpa.net/
- DNS ASK ne##.##crosofthelpa.net