Техническая информация
- '<SYSTEM32>\taskkill.exe' /F /IM cmd.exe
- '<SYSTEM32>\cmd.exe' /c %TEMP%\5i7v5C6o3k.bat
- '<SYSTEM32>\cmd.exe' /c %TEMP%\3u3p5B.bat
- '<SYSTEM32>\taskkill.exe' /f /t /im av*
- <SYSTEM32>\cmd.exe
- AVPCC.EXE
- AVP32.EXE
- AVSYNMGR.EXE
- AVPM.EXE
- AVP.EXE
- AVGCC32.EXE
- avgcc.exe
- AVP.COM
- AVGCTRL.EXE
- %PROGRAM_FILES%\4d0h1V0L1g\8L4o5i.7k8G0H
- %PROGRAM_FILES%\4d0h1V0L1g\1A8O6z.2K6x4q
- %TEMP%\5i7v5C6o3k.bat
- %TEMP%\3u3p5B.bat
- %PROGRAM_FILES%\4d0h1V0L1g\3l1f7j.8D2t7b
- %PROGRAM_FILES%\4d0h1V0L1g\1f6B3F.2S8h7M
- %PROGRAM_FILES%\4d0h1V0L1g\8L4o5i.7k8G0H
- %PROGRAM_FILES%\4d0h1V0L1g\1A8O6z.2K6x4q
- %PROGRAM_FILES%\4d0h1V0L1g\3l1f7j.8D2t7b
- %PROGRAM_FILES%\4d0h1V0L1g\1f6B3F.2S8h7M
- 'cp#######.publiccloud.com.br':80
- cp#######.publiccloud.com.br/150813/pe50/mo30.pdf
- cp#######.publiccloud.com.br/150813/pe50/mo40.pdf
- cp#######.publiccloud.com.br/150813/pe50/mo10.pdf
- cp#######.publiccloud.com.br/150813/pe50/mo20.pdf
- DNS ASK cp#######.publiccloud.com.br
- ClassName: 'MS_WINHELP' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'