Техническая информация
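Параметры реестра (значения 'EnableFirewall' = 0 и 'DisableNotifications' = 1 в ветке FirewallPolicy\StandardProfile соответствуют выключенному брандмауэру Windows и отключённым уведомлениям):
- [<HKLM>\SYSTEM\ControlSet001\services\IKEEXT] 'Start' = '00000002'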
- [<HKLM>\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Командные строки процессов (вызовы NETSH.EXE отключают брандмауэр и его уведомления):
- '<SYSTEM32>\NETSH.EXE' firewall set opmode mode = disable
- '<SYSTEM32>\svchost.exe' -k NetworkServiceNetworkRestricted
- '<SYSTEM32>\NETSH.EXE' firewall set notifications mode = disable
- '<SYSTEM32>\ntvdm.exe' -i1
- '<SYSTEM32>\ntvdm.exe' -i2
Файлы во временном каталоге (один и тот же набор из четырёх имён приведён в списке дважды):
- %TEMP%\scsBAD7.tmp
- %TEMP%\scsBAF6.tmp
- %TEMP%\scsB940.tmp
- %TEMP%\scsBA1B.tmp
- %TEMP%\scsBA1B.tmp
- %TEMP%\scsBAF6.tmp
- %TEMP%\scsB940.tmp
- %TEMP%\scsBAD7.tmp
Сетевые адреса и запросы (символ «#» заменяет часть цифр IP-адреса, как в исходном тексте):
- '19#.#62.25.142':80
- http://19#.#62.25.142/executaram1.php
- '20#.#6.232.182':3544
Окна (имя класса и заголовок):
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-250.994.cd0'
- ClassName: '' WindowName: 'Gerenciador de tarefas do windows'
- ClassName: '' WindowName: 'Plugin Instalacao - Banco Santander / Real'
- ClassName: 'ConsoleWindowClass' WindowName: 'ntvdm-3c4.9ec.700'