Technical information
- '<SYSTEM32>\wlcommunications.exe' /pid=3008
- '<SYSTEM32>\wlcommunications.exe' /pid=764
- '<SYSTEM32>\wlcommunications.exe'
- '<SYSTEM32>\wlcommunications.exe' (downloaded from the Internet)
- <SYSTEM32>\CRNJEUFU.log
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\1[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\abc[1].swf
- <SYSTEM32>\wlcommunications.exe
- 'www.bi###broker.it':80
- 'localhost':1037
- 'ce###a.org.ar':80
- www.bi###broker.it/SUPPORT/upload/admin/database/bd/1.php?no#################
- ce###a.org.ar/Archivos/abc.swf
- DNS ASK www.bi###broker.it
- DNS ASK ce###a.org.ar
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'