Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'newRE' = '%WINDIR%\Fonts\newre.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'newne' = '%WINDIR%\Fonts\newne.exe'
- '%WINDIR%\Fonts\newre.exe'
- '<SYSTEM32>\sys.exe'
- '<SYSTEM32>\GbpSV.exe'
- '<SYSTEM32>\sys.exe' (downloaded from the Internet)
- '<SYSTEM32>\GbpSV.exe' (downloaded from the Internet)
- '%WINDIR%\Fonts\newre.exe' (downloaded from the Internet)
- %WINDIR%\Fonts\newre.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\Explorer[1].jpg
- <SYSTEM32>\sys.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\Explorer[1].gif
- <SYSTEM32>\GbpSV.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\Galaticos[1].jpg
- 'ww#########omprofile-aspxid.front.ru':80
- 'localhost':1036
- ww#########omprofile-aspxid.front.ru/Explorer.jpg
- ww#########omprofile-aspxid.front.ru/Galaticos.jpg
- ww#########omprofile-aspxid.front.ru/Explorer.gif
- DNS ASK ww#########omprofile-aspxid.front.ru