Technical Information
- '%WINDIR%\system\system32.exe'
- '%WINDIR%\system\system32.exe' (downloaded from the Internet)
- '<SYSTEM32>\regsvr32.exe' /i /s %WINDIR%\winlogon.dll
- %WINDIR%\system\system32.exe
- %WINDIR%\winlogon.dll
- 'ne##js.net':80
- 'www.sp##ed.it':80
- 'localhost':1037
- ne##js.net/images/get_wabs.jpg
- www.sp##ed.it/phpadsnew/foto.dll
- DNS ASK ne##js.net
- DNS ASK www.sp##ed.it