Техническая информация
- '<SYSTEM32>\notepad.exe' <SYSTEM32>\enviador.txt
- '%ProgramFiles%\Internet Explorer\IEXPLORE.EXE' http://me###.gusanito.com/flash/postales/3847_obj_esp.swf
- '%TEMP%\Csa_Expert.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\enviador[1].txt
- <SYSTEM32>\enviador.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\3847_obj_esp[1].swf
- %TEMP%\Csa_Expert.exe.nb5.tmp
- %TEMP%\Csa_Expert.exe
- %TEMP%\Csa_Expert.exe.nb5.tmp
- 'me###.gusanito.com':80
- 'www.ve####adual.com.br':80
- 'localhost':1036
- 'localhost':1037
- http://www.ve####adual.com.br/img/enviador.txt
- http://me###.gusanito.com/flash/postales/3847_obj_esp.swf
- DNS ASK www.ve####adual.com.br
- DNS ASK me###.gusanito.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''