Техническая информация
- '<SYSTEM32>\TASKKILL.exe' /F /IM cmd.exe
- '<SYSTEM32>\cmd.exe' /c %TEMP%\8e2v1q2f.bat
- '<SYSTEM32>\cmd.exe' /c %TEMP%\7L8l6A.bat
- '<SYSTEM32>\taskkill.exe' /f /t /im av*
- <LS_APPDATA>\3V0C5W2z1J\6j7B2H.7w1s5B
- <LS_APPDATA>\3V0C5W2z1J\1G5P0E.4t2q3f
- %TEMP%\8e2v1q2f.bat
- %TEMP%\7L8l6A.bat
- <LS_APPDATA>\3V0C5W2z1J\4H0m3v.8Y1N8x
- <LS_APPDATA>\3V0C5W2z1J\4L2s3v.6T5N2I
- <LS_APPDATA>\3V0C5W2z1J\6j7B2H.7w1s5B
- <LS_APPDATA>\3V0C5W2z1J\1G5P0E.4t2q3f
- <LS_APPDATA>\3V0C5W2z1J\4H0m3v.8Y1N8x
- <LS_APPDATA>\3V0C5W2z1J\4L2s3v.6T5N2I
- 'cp#######.publiccloud.com.br':80
- cp#######.publiccloud.com.br/modelo/casa30.pdf
- cp#######.publiccloud.com.br/modelo/casa40.pdf
- cp#######.publiccloud.com.br/modelo/casa10.pdf
- cp#######.publiccloud.com.br/modelo/casa20.pdf
- DNS ASK cp#######.publiccloud.com.br
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'