Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Apple Inc.' = '%PROGRAM_FILES%\QuickTime_.exe -atboottime'
- User Account Control (UAC)
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- '<SYSTEM32>\netsh.exe' firewall add portopening TCP "QuickTime_.exe (80)"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\ssF[1].php
- %PROGRAM_FILES%\QuickTime_.exe
- %PROGRAM_FILES%\configT.cfg
- %PROGRAM_FILES%\configT.cfg
- 'localhost':1043
- 'lo########a.dominiotemporario.com':80
- 'localhost':445
- 'bi#####emia.site.br.com':80
- lo########a.dominiotemporario.com/images/ssF.php
- bi#####emia.site.br.com/index_arquivos/configT.cfg
- DNS ASK lo########a.dominiotemporario.com
- DNS ASK bi#####emia.site.br.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'IEFrame' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'