Техническая информация
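- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'shell' = '%APPDATA%\smss.exe' (автозапуск при входе пользователя в систему; имя файла совпадает с именем системного процесса smss.exe, но подлинный файл находится в <SYSTEM32>, а не в %APPDATA%)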
- '%APPDATA%\smss.exe' 2860
- '%APPDATA%\smss.exe' 2860 TARP
- '%APPDATA%\smss.exe'
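- '<SYSTEM32>\ping.exe' -n 1 localhost (по-видимому, используется как короткая задержка перед самоудалением)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\SelfDelete.bat" (судя по имени, пакетный файл удаляет исходный исполняемый файл)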
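- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe' (файлы .exe помечаются как тип низкого риска, поэтому Windows не показывает предупреждение системы безопасности при запуске загруженных исполняемых файлов)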
- %TEMP%\SelfDelete.bat
- %APPDATA%\smss.exe
- %APPDATA%\smss.exe
- 'www.89##.com':80
- '74.##5.232.51':443
- 'www.48##.com':80
- 'www.is.gd':80
- www.89##.com/
- www.is.gd/QezjMJm6nCeEuIFrQlWJBjPoB
- www.48##.com/
- DNS ASK www.89##.com
- DNS ASK google.com
- DNS ASK www.48##.com
- DNS ASK www.is.gd