Техническая информация
Автозапуск (значение в ключе реестра Run текущего пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WinNew' = 'rundll32 "<LS_APPDATA>\winexe.dll",run'
Запуск процессов (судя по формату записи — путь к файлу и командная строка):
- %TEMP%\ex.exe ex.exe
- <SYSTEM32>\rundll32.exe winexe.dll,run
Файловые артефакты (кэш Internet Explorer, %TEMP% и <LS_APPDATA>):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\index[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\css[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\index[1].html
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].html
- %TEMP%\ex.exe
- %TEMP%\winexe.dll
- <LS_APPDATA>\winexe.dll
Сетевые соединения (узел:порт; символы # в именах доменов, по-видимому, скрывают часть имени):
- 'em####ndedor.com.br':80
- 'a2#.com.br':80
- 'www.or#####lbellyworks.com':80
- 'www.br##en2.no':80
- 'wi###wsup.org':80
Запрашиваемые URL (HTTP, порт 80):
- em####ndedor.com.br/profiles/default/translations/css.html
- a2#.com.br/email/.class/index.html
- www.or#####lbellyworks.com/tmp/install_4bcf20df7f600/css/index.html
- www.br##en2.no/wp-content/uploads/2008/CSS/add.php
- wi###wsup.org/winupdate/index.html
- DNS ASK em####ndedor.com.br
- DNS ASK a2#.com.br
- DNS ASK www.or#####lbellyworks.com
- DNS ASK www.br##en2.no
- DNS ASK wi###wsup.org
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''