Technical Information
- Windows Security Center
- [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'RunInvalidSignatures' = '00000001'
- [<HKCU>\Software\Microsoft\Internet Explorer\Download] 'CheckExeSignatures' = 'no'
- <SYSTEM32>\expressos.cfg
- <SYSTEM32>\midas.dll
- 'sm##.#erra.com.br':25
- 'ne######rmelho.no-ip.org':1170
- 'ne######rmelho.no-ip.org':190
- 'ne######rmelho.no-ip.org':1172
- 'localhost':1039
- 'me#####e01.pochta.ru':80
- http://me#####e01.pochta.ru/midas.dll
- DNS ASK sm##.#erra.com.br
- DNS ASK me#####e01.pochta.ru
- DNS ASK ne######rmelho.no-ip.org
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TfBeholder' WindowName: ''