Техническая информация
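- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'csrss' = 'C:\Arquivos de programas\csrss.exe' (запись автозапуска; имя файла имитирует системный процесс csrss.exe, подлинный экземпляр которого находится в <SYSTEM32>, поэтому csrss.exe по любому другому пути следует считать подозрительным)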
- %WINDIR%\Tasks\balada.job
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\csrss.exe
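- <SYSTEM32>\schtasks.exe /create /tn balada /tr c:\autoexec.bat /sc onstart /ru system (создаёт задачу планировщика «balada», которая запускает c:\autoexec.bat при каждом старте системы от имени учётной записи SYSTEM)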
- C:\autoexec.bat
- %WINDIR%\deltemp.exe
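- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\deltemp[1].exe (копия в кэше Internet Explorer; по-видимому, это файл, загружаемый с www.r0###nk3d.net/windows/deltemp.exe)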
- 'www.ap######.#utomatica-developers.com':80
- 'www.r0###nk3d.net':80
- 'localhost':1035
- www.r0###nk3d.net/windows/deltemp.exe
- www.ap######.#utomatica-developers.com/priv8send.php
- DNS ASK www.ap######.#utomatica-developers.com
- DNS ASK www.r0###nk3d.net
- ClassName: 'TabWindowClass' WindowName: ''
- ClassName: 'Internet Explorer_Server' WindowName: ''
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Shell DocObject View' WindowName: ''