Техническая информация
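- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WinNew' = 'rundll32 "<LS_APPDATA>\winexe.dll",run' (запись автозапуска: при каждом входе этого пользователя в систему rundll32 загружает winexe.dll и вызывает экспорт run; параметр 'WinNew' в этом разделе можно проверять как признак заражения)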
- %TEMP%\ex.exe ex.exe
- <SYSTEM32>\rundll32.exe winexe.dll,run
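- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cal[1].html (копия в кэше Internet Explorer; по имени соответствует cal.html из списка адресов ниже)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[1].html (копия в кэше Internet Explorer; по имени соответствует index.html из списка адресов ниже)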
- <LS_APPDATA>\winexe.dll
- %TEMP%\winexe.dll
- %TEMP%\ex.exe
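Примечание: в именах узлов и адресах ниже часть символов заменена на «#» уже в источнике, поэтому как точные индикаторы (для блокировки или поиска по журналам) эти строки использовать нельзя — только как шаблон.
- 'www.or#####lbellyworks.com':80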
- 'www.fu#####formance.com.br':80
- 'gd##.com':80
- www.or#####lbellyworks.com/tmp/install_4bcf20df7f600/css/index.html
- www.fu#####formance.com.br/images/stories/cal.html
- gd##.com/tmp/css/add.php
- DNS ASK www.or#####lbellyworks.com
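- DNS ASK em####ndedor.com.br (этот домен встречается только в DNS-запросах: ни в списке подключений, ни среди адресов выше его нет)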
- DNS ASK www.fu#####formance.com.br
- DNS ASK gd##.com
- '<IP-адрес в локальной сети>':1037
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd — класс окна панели задач Windows)