Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\1.tmp\Server.exe' = '%TEMP%\1.tmp\Server.exe:*:Enabled:Server.e...
- '%TEMP%\1.tmp\Server.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\1.tmp\Server.exe" "Server.exe" ENABLE
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\2.bat" <Полный путь к файлу>"
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\1.tmp\facture.jpg
- %TEMP%\1.tmp\Server.exe
- %TEMP%\1.tmp\facture.jpg
- %TEMP%\1.tmp\2.bat
- %TEMP%\1.tmp\2.bat
- 'pa###bin.com':80
- 'wp#d':80
- '14#.#05.70.30':1177
- http://pa###bin.com/raw/YQ0aQh6U
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK pa###bin.com
- DNS ASK wp#d
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''