Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Cleanup' = 'C:\cleanup.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\naqpfuox] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\naqpfuox] 'ImagePath' = 'system32\drivers\xodi.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\hookmgr] 'ImagePath' = '<Текущая директория>\hookmgr.sys'
- '%TEMP%\mod.exe' /nogui /reboot modelo.txt
- '<SYSTEM32>\cmd.exe' /c %TEMP%\mod.bat
- '<SYSTEM32>\schtasks.exe' /Create /TN Update\playerk.exe /XML "%TEMP%\data2.xml"
- <DRIVERS>\xodi.sys
- %WINDIR%\malwn.txt
- C:\zip.exe
- C:\cleanup.exe
- C:\cleanup.bat
- %TEMP%\mod.bat
- %TEMP%\data2.xml
- %TEMP%\data.xml
- <Текущая директория>\hookmgr.sys
- %TEMP%\mod.exe
- %TEMP%\modelo.txt
- <Текущая директория>\hookmgr.sys
- %TEMP%\data.xml
- 'br#####rodutos2016.com':80
- '<L###LNET>.0.2':445
- http://br#####rodutos2016.com/cont/lop.php
- DNS ASK br#####rodutos2016.com
- ClassName: '' WindowName: 'Aplicativo Itau'
- ClassName: 'BUTTONCLASS' WindowName: ''