Техническая информация
Изменения в файловой системе:
Создает следующие файлы:
- %TEMP%\InstalaDown.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\MSINET[1].zip
- %TEMP%\andrezinho\_dll\MSINET.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\ReportX[1].zip
- %TEMP%\andrezinho\_dll\ReportX.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\RepXHTM[1].zip
- %TEMP%\andrezinho\_dll\RepXHTM.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\SIBPRO2[1].zip
- %TEMP%\andrezinho\_dll\SIBPRO2.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\SSubTmr6[1].zip
- %TEMP%\andrezinho\_dll\SSubTmr6.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\VB6STKIT[1].zip
- %TEMP%\andrezinho\_dll\VB6STKIT.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\vbalIml6[1].zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\MSCOMCTL[1].zip
- %TEMP%\andrezinho\_dll\MSCOMCTL.zip
- %TEMP%\andrezinho\_dll\vbalIml6.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\vbalSGrid6[1].zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\tutorial[1].zip
- %TEMP%\andrezinho\e-manager\emanager.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\emanager[1].zip
- %TEMP%\andrezinho\_sys\nfe_schemas.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\nfe_schemas[1].zip
- %TEMP%\andrezinho\_dll\COMCT232.zip
- %TEMP%\andrezinho\_sys\nfe_gcode.zip
- %TEMP%\andrezinho\_sys\Fb.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\Fb[1].zip
- %TEMP%\andrezinho\_sys\Desinstala.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\Desinstala[1].zip
- %TEMP%\andrezinho\_sys\AtSistema.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\AtSistema[1].zip
- %TEMP%\andrezinho\_dll\vbalSGrid6.zip
- %TEMP%\andrezinho\_dll\MSCAL.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\MSCAL[1].zip
- %TEMP%\andrezinho\_dll\IBOLE.zip
- %TEMP%\AUNZIP32.DLL
- %TEMP%\AZIP32.DLL
- %TEMP%\MSINET.OCX
- %TEMP%\script_emanager.txt
- <SYSTEM32>\MSINET.OCX
- %TEMP%\null
- <SYSTEM32>\AUNZIP32.DLL
- <SYSTEM32>\AZIP32.DLL
- %TEMP%\script.txt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\aspapi[1].zip
- %TEMP%\andrezinho\_dll\aspapi.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\Call32[1].zip
- %TEMP%\andrezinho\_dll\Call32.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\cdosys[1].zip
- %TEMP%\instala.bat
- %TEMP%\andrezinho\_dll\cdosys.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\IBOLE[1].zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\chartdir41[1].zip
- %TEMP%\andrezinho\_dll\chartdir41.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\ChartViewer[1].zip
- %TEMP%\andrezinho\_dll\ChartViewer.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\comchartdir[1].zip
- %TEMP%\andrezinho\_dll\comchartdir.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\nfe_gcode[1].zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\COMCT232[1].zip
- %TEMP%\andrezinho\e-manager\tutorial.zip
- %TEMP%\andrezinho\_dll\COMDLG32.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\FM20[1].zip
- %TEMP%\andrezinho\_dll\FM20.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\GDS32[1].zip
- %TEMP%\andrezinho\_dll\GDS32.zip
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\COMDLG32[1].zip
- %TEMP%\desinstala.log
Удаляет следующие файлы:
- %TEMP%\andrezinho\_dll\aspapi.zip
- %TEMP%\andrezinho\_sys\nfe_schemas.zip
- %TEMP%\andrezinho\_sys\nfe_gcode.zip
- %TEMP%\andrezinho\_sys\Fb.zip
- %TEMP%\andrezinho\_sys\Desinstala.zip
- %TEMP%\andrezinho\_sys\AtSistema.zip
- %TEMP%\andrezinho\_dll\vbalSGrid6.zip
- %TEMP%\andrezinho\_dll\vbalIml6.zip
- %TEMP%\andrezinho\_dll\VB6STKIT.zip
- %TEMP%\andrezinho\_dll\SSubTmr6.zip
- %TEMP%\andrezinho\_dll\SIBPRO2.zip
- %TEMP%\andrezinho\_dll\RepXHTM.zip
- %TEMP%\andrezinho\_dll\ReportX.zip
- %TEMP%\andrezinho\_dll\MSINET.zip
- %TEMP%\andrezinho\_dll\MSCOMCTL.zip
- %TEMP%\andrezinho\_dll\MSCAL.zip
- %TEMP%\andrezinho\_dll\IBOLE.zip
- %TEMP%\andrezinho\_dll\GDS32.zip
- %TEMP%\andrezinho\_dll\FM20.zip
- %TEMP%\andrezinho\_dll\COMDLG32.zip
- %TEMP%\andrezinho\_dll\COMCT232.zip
- %TEMP%\andrezinho\_dll\comchartdir.zip
- %TEMP%\andrezinho\_dll\ChartViewer.zip
- %TEMP%\andrezinho\_dll\chartdir41.zip
- %TEMP%\andrezinho\_dll\cdosys.zip
- %TEMP%\andrezinho\_dll\Call32.zip
- %TEMP%\andrezinho\e-manager\emanager.zip
- %TEMP%\andrezinho\e-manager\tutorial.zip
Сетевая активность:
Подключается к:
- 'localhost':1038
- 'an#####nhoinfo.com.br':80
TCP:
Запросы HTTP GET:
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/aspapi.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_sys/nfe_schemas.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_sys/nfe_gcode.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_sys/Fb.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_sys/Desinstala.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_sys/AtSistema.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/vbalSGrid6.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/vbalIml6.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/VB6STKIT.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/SSubTmr6.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/SIBPRO2.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/RepXHTM.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/ReportX.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/MSINET.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/MSCOMCTL.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/MSCAL.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/IBOLE.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/GDS32.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/FM20.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/COMDLG32.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/COMCT232.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/comchartdir.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/ChartViewer.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/chartdir41.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/cdosys.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/_dll/Call32.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/e-manager/emanager.zip via an#####nhoinfo.com.br
- http://www.an#####nhoinfo.com.br/sistemas/downloads/e-manager/tutorial.zip via an#####nhoinfo.com.br
UDP:
- DNS ASK www.an#####nhoinfo.com.br
Другое:
Ищет следующие окна:
- ClassName: 'EDIT' WindowName: ''
Создает и запускает на исполнение:
- '%TEMP%\InstalaDown.exe' script_emanager.txt
Запускает на исполнение:
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\instala.bat" script_emanager.txt"
- '<SYSTEM32>\regsvr32.exe' MSINET.OCX /s
