Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '%PROGRAM_FILES%\\GbpSv.exe'
- User Account Control (UAC)
- C:\_ibserver.exe
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- <SYSTEM32>\winlogon.exe
- <SYSTEM32>\services.exe
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\CMD2.INI
- C:\_ibserver.exe
- %PROGRAM_FILES%\GbpSv.exe
- <SYSTEM32>\CMD.INI
- 'www.bb.#om.br':80
- 'localhost':1037
- 'www.me####orfose.com':80
- www.bb.#om.br/portalbb/home23,116,116,1,1,1,1.bb
- www.me####orfose.com/admin/msc/php2.php
- DNS ASK www.se###a.com.br
- DNS ASK www.bb.#om.br
- DNS ASK www.me####orfose.com
- ClassName: 'Shell DocObject View' WindowName: ''
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Internet Explorer_Server' WindowName: ''
- ClassName: 'TabWindowClass' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'TApplication' WindowName: 'Internet Explorer -'
- ClassName: '' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''