Техническая информация
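Изменения в реестре (первая запись — автозапуск скрипта через ключ Run, вторая — добавление ftp.exe в список разрешённых приложений брандмауэра Windows):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MyScript' = '<SYSTEM32>\webvirus_id2.vbs'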
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\ftp.exe' = '<SYSTEM32>\ftp.exe:*:Enabled:ftp'
Запускаемые команды:
- <SYSTEM32>\WinRAR.exe e -y -ibck -inul Koala.rar
- <SYSTEM32>\wscript.exe "<SYSTEM32>\webvirus_id2.vbs"
- <SYSTEM32>\netsh.exe firewall add allowedprogram <SYSTEM32>\ftp.exe ftp ENABLE
- <SYSTEM32>\ftp.exe -s:get_id2.txt
- <SYSTEM32>\rundll32.exe user32.dll, UpdatePerUserSystemParameters
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\unrar.bat" "
- <SYSTEM32>\wscript.exe "<SYSTEM32>\shef.vbs"
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\ftp_unlock.bat" "
- <SYSTEM32>\wscript.exe "<SYSTEM32>\ftp_unlock.vbs"
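Файлы, затрагиваемые в файловой системе (в этом фрагменте не указано, какие из них создаются, а какие удаляются; повторяющиеся записи сохранены как в исходном отчёте):
- <SYSTEM32>\vir_id2.vbs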
- <SYSTEM32>\vir_id2.bat
- <SYSTEM32>\get_id2.txt
- <SYSTEM32>\podpiska.txt
- <SYSTEM32>\ftp_unlock.bat
- <SYSTEM32>\webvirus_id2.vbs
- <SYSTEM32>\ftp_unlock.vbs
- <SYSTEM32>\shef.vbs
- <SYSTEM32>\Koala.jpg
- %TEMP%\nsl2.tmp\System.dll
- %APPDATA%\WinRAR\version.dat
- <SYSTEM32>\WinRAR.exe
- <SYSTEM32>\unrar.bat
- <SYSTEM32>\ftp_unlock.vbs
- <SYSTEM32>\Koala.rar
- %TEMP%\nsl2.tmp\System.dll
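Сетевые соединения (порт 21 — FTP; часть IP-адреса в исходном отчёте скрыта символами «##», поэтому использовать запись как готовый индикатор нельзя):
- '31.##0.160.78':21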
- 'localhost':1036
Классы окон, фигурирующие в отчёте:
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'WinRarWindow' WindowName: ''