Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'alert.exe' = '<SYSTEM32>\alert.exe'
- '%WINDIR%\note.exe'
- '<SYSTEM32>\alert.exe'
- '%WINDIR%\note.exe' (downloaded from the Internet)
- %WINDIR%\note.exe
- <SYSTEM32>\alert.exe
- <SYSTEM32>\alert.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sendinfo.fe100[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\getip[1]
- from <SYSTEM32>\alert.exe to <SYSTEM32>\drv.lb