Technical Information
- %WINDIR%\system\system32.exe
- %WINDIR%\system\system32.exe (downloaded from the Internet)
- <SYSTEM32>\regsvr32.exe /i /s %WINDIR%\winlogon.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\get_wabs[1].jpg
- %WINDIR%\system\system32.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\foto[1].dll
- %WINDIR%\winlogon.dll
- 'ne##js.net':80
- 'www.fi####mpanies.com':80
- 'localhost':1035
- ne##js.net/images/get_wabs.jpg
- www.fi####mpanies.com/phpAds/foto.dll
- DNS ASK ne##js.net
- DNS ASK www.fi####mpanies.com