Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Cleanup' = 'C:\cleanup.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\ktsiluc] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\ktsiluc] 'ImagePath' = 'system32\drivers\jxeskkp.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\hookmgr] 'ImagePath' = '<Текущая директория>\hookmgr.sys'
- '%TEMP%\mod.exe' /nogui /reboot modelo.txt
- '<SYSTEM32>\cmd.exe' /c %TEMP%\mod.bat
- '<SYSTEM32>\schtasks.exe' /Create /TN Update\ksystem.exe /XML "%TEMP%\data2.xml"
- firefox.exe
- chrome.exe
- <DRIVERS>\jxeskkp.sys
- %WINDIR%\uuybes.txt
- C:\zip.exe
- C:\cleanup.exe
- C:\cleanup.bat
- %TEMP%\mod.bat
- %TEMP%\data2.xml
- %TEMP%\data.xml
- <Текущая директория>\hookmgr.sys
- %TEMP%\mod.exe
- %TEMP%\modelo.txt
- <Текущая директория>\hookmgr.sys
- %TEMP%\data.xml
- 'ma########001-site1.ctempurl.com':80
- '<L###LNET>.0.2':445
- http://ma########001-site1.ctempurl.com/box/lop.php
- DNS ASK ma########001-site1.ctempurl.com
- ClassName: '' WindowName: 'Aplicativo Itau'
- ClassName: 'BUTTONCLASS' WindowName: ''