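Техническая информация (Technical information)
Section headings were lost in this copy. In order, the entries appear to be: an autorun registry value, commands the sample runs, files it creates or deletes, network endpoints and DNS queries, and window classes it looks for.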
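- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'Ferramenta do Office' = '%TEMP%\ctfmon.exe' (persistence: this Run value starts the file at every logon; the genuine ctfmon.exe is in <SYSTEM32>, so a copy running from %TEMP% is itself an indicator)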
- <SYSTEM32>\attrib.exe -r -a -s -h "%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\prefs.js"
- <SYSTEM32>\find.exe "prefs.js"
- <SYSTEM32>\find.exe "Internet Explorer\Main"
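- <SYSTEM32>\reg.exe export HKU %TEMP%\~r.tmp (writes the registry settings of all loaded user profiles to a temp file; the find.exe filters for "prefs.js" and "Internet Explorer\Main" suggest it is looking up browser settings)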
- <SYSTEM32>\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "Ferramenta do Office" /t REG_SZ /d "%TEMP%\ctfmon.exe"
- <SYSTEM32>\find.exe "Windows 98"
- <SYSTEM32>\find.exe "TTL"
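- <SYSTEM32>\ping.exe bola.amigos2010.com -n 1 -l 1 (a single 1-byte echo request; together with the find.exe "TTL" filter this is likely a check that the host answers)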
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ver.amigos2010[1]
- %TEMP%\~r.tmp
- %TEMP%\~i.tmp
- %TEMP%\~1.bat
- %TEMP%\sys32ssl.dll
- %TEMP%\ploc.txt
- %TEMP%\~1.bat
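- 've#.##igos2010.com':80 (host names in this and the following entries are partly masked with '#' in the original report; match on the visible parts and on the unmasked host in the ping.exe entry)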
- 'localhost':1036
- ve#.##igos2010.com/
- DNS ASK ve#.##igos2010.com
- DNS ASK bo##.#migos2010.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''