Техническая информация
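- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'messenger' = 'C:\Arquivos de programas\Messenger\ctfmon.exe' (запись в ключе Run обеспечивает автозапуск при входе пользователя в систему; штатный ctfmon.exe Windows находится в %SystemRoot%\System32, поэтому одноимённый файл в каталоге Messenger следует расценивать как маскировку под системный процесс)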
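- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\ULU3YH2D\upload[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\SL6TKFAX\upload[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\ctfmon[1].exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\ctfmon[1].exe
  (это копии загруженных файлов в кэше Internet Explorer; имена подкаталогов Content.IE5 генерируются случайно и на других системах будут отличаться, поэтому при поиске следует опираться на имена файлов upload[1].exe и ctfmon[1].exe, а не на полный путь)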
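- 'h1.##pway.com':80 (символ «#» недопустим в именах узлов, так что «##», по-видимому, скрывает часть имени домена в исходном отчёте; в таком виде строку нельзя напрямую сопоставлять с журналами DNS и прокси)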
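- 'localhost':1036 (соединение с локальным узлом; порт 1036, вероятно, выделен динамически и сам по себе не является надёжным индикатором)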
- h1.##pway.com/boladadavez/upload.exe
- h1.##pway.com/boladavez/upload.exe
- h1.##pway.com/boladadavez/ctfmon.exe
- h1.##pway.com/boladavez/ctfmon.exe
- DNS ASK h1.##pway.com
- ClassName: 'Indicator' WindowName: ''