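Техническая информация
(Подзаголовки разделов в этом фрагменте не сохранились; ниже подряд идут пути к файлам и командные строки, сетевые адреса и классы окон.)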
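- '<SYSTEM32>\svhost.exe' (не путать с системным svchost.exe: в имени нет буквы «c»)
- '%WINDIR%\Help\SPOOLSVR.EXE' (имя похоже на системный spoolsv.exe, но файл находится в %WINDIR%\Help, а не в <SYSTEM32>)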
- '%WINDIR%\Help\SPCHOST.EXE'
- '%WINDIR%\Help\SPOOLSVR.EXE' (загружен из сети Интернет)
- '%WINDIR%\Help\SPCHOST.EXE' (загружен из сети Интернет)
- '<SYSTEM32>\svhost.exe' (загружен из сети Интернет)
- '<SYSTEM32>\regsvr32.exe' /s ctef.dll (ключ /s — регистрация библиотеки без вывода диалоговых окон)
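- ClassName: 'OLLYDBG' WindowName: '(null)' (OLLYDBG — класс главного окна отладчика OllyDbg; поиск такого окна, по-видимому, служит для обнаружения средств анализа)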
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\modelo21[1].pdf
- %WINDIR%\Help\SPCHOST.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\modelo22[1].pdf
- %WINDIR%\Help\SPOOLSVR.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\modelo2[1].pdf
- <SYSTEM32>\svhost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\mesg1[1].pdf
- %WINDIR%\Help\uhost.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\mesgtxt[1].pdf
- <SYSTEM32>\ctef.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\ctef[1].pdf
- %WINDIR%\msapps\msn.exe
- 'www.em###agens.biz':80 (символы «###» — по-видимому, маскировка части имени домена в исходном отчёте)
- 'localhost':1035
- www.em###agens.biz/files/modelo22.pdf
- www.em###agens.biz/files/modelo21.pdf
- www.em###agens.biz/files/modelo2.pdf
- www.em###agens.biz/files/mesgtxt.pdf
- www.em###agens.biz/files/mesg1.pdf
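- www.em###agens.biz/files/ctef.pdf (расширение .pdf здесь не означает документ: судя по спискам выше, загруженный ctef[1].pdf соседствует с библиотекой ctef.dll, а остальные файлы .pdf — с .EXE; соответствие требует подтверждения)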
- DNS ASK www.em###agens.biz
- ClassName: 'WispWindowClass' WindowName: '(null)'