Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinSend' = '%WINDIR%\Fonts\WinSend.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'newRE' = '%WINDIR%\Fonts\newre.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GbpSV' = '%WINDIR%\Fonts\GbpSV.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'newbi' = '%WINDIR%\Fonts\newbi.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\newre[1].rar
- %WINDIR%\Fonts\newre.rar
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\newbi[1].rar
- %WINDIR%\Fonts\newbi.rar
- 'www.me###corpo.com':80
- 'localhost':1035
- www.me###corpo.com/moedas/newre.rar
- www.me###corpo.com/moedas/newbi.rar
- DNS ASK www.me###corpo.com
- ClassName: 'Shell_TrayWnd' WindowName: ''