Техническая информация
- Автозапуск при входе пользователя в систему: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Sysinternals2' = '%APPDATA%\receita.exe'
- '%APPDATA%\dll64.cpl'
- '%APPDATA%\receita.exe'
- '%APPDATA%\dll64.cpl' (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\dll64[1].cpl
- %APPDATA%\dll64.cpl
- %APPDATA%\receita.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\single[1]
- 'fo###ngs.com':80 (здесь и далее символы # скрывают часть доменного имени)
- 'ab####ngtat.com.br':80
- 'www.fo###ngs.com':80
- fo###ngs.com/single
- fo###ngs.com/dll64.cpl
- www.fo###ngs.com/hosts
- ab####ngtat.com.br/controle/add.php
- DNS ASK fo###ngs.com
- DNS ASK ab####ngtat.com.br
- DNS ASK www.fo###ngs.com
- ClassName: 'Indicator' WindowName: '(null)'