Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Wingmt] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Wingmt] 'ImagePath' = '%APPDATA%\Mozilla\Wingmt.exe'
- %APPDATA%\Mozilla\Wingmt.exe
- %APPDATA%\Mozilla\utility.dll
- %APPDATA%\Mozilla\Wingmt.exe
- <Full path to file>
- '12#.#25.114.144':80
- 'up####.jskp.jss.com.cn':80
- http://up####.jskp.jss.com.cn/getfileinfo
- DNS ASK www.ba##u.com
- DNS ASK up####.jskp.jss.com.cn
- '%APPDATA%\Mozilla\Wingmt.exe' -install
- '%APPDATA%\Mozilla\Wingmt.exe'
- '<SYSTEM32>\cmd.exe' /c del /q "<Full path to file>"