Technical Information
- [<HKLM>\Software\Classes\netfile\shell\open\command] '' = '"%1" %*'
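- [<HKLM>\Software\Classes\ехеfile\shell\open\command] '' = '"%1" %*' (the class name here, like the ".ехе" extension in the file names below, is written with Cyrillic "е" and "х" rather than Latin "exe", so a search for the Latin spelling "exefile" or ".exe" will not match these entries)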
- [<HKLM>\Software\Classes\e×efile\shell\open\command] '' = '"%1" %*'
- %ProgramFiles%\microsoft office\office14\bcssync.exe
- %WINDIR%\microsoft.net\framework\framework.net
- <PATH_SAMPLE>.ехе
- %TEMP%\rlrjcpku.ico
- %TEMP%\rlrjcpkutj.net
- %TEMP%\rcx970d.tmp
- <SYSTEM32>\wlcomm.ехе
- <PATH_SAMPLE>.ехе
- <SYSTEM32>\wlcomm.ехе
- %TEMP%\rlrjcpku.ico
- %TEMP%\rlrjcpkutj.net
- from %TEMP%\rcx970d.tmp to %TEMP%\rlrjcpkutj.net
- %ProgramFiles%\Microsoft Office\Office14\BCSSync.exe
- http://jo#####de.blogspot.com/2010/12/acceso.html
- DNS ASK jo#####de.blogspot.com
- DNS ASK ir#.#bjects.net
- '%WINDIR%\microsoft.net\framework\framework.net' bautiza
- '<PATH_SAMPLE>.ехе'
- '%WINDIR%\microsoft.net\framework\framework.net' vive
- '<SYSTEM32>\wlcomm.ехе' vive