Техническая информация
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\server.exe" "server.exe" ENABLE
- %TEMP%\rarsfx0\codesmart_2013_vb6.exe
- %TEMP%\rarsfx0\server.dll.exe
- %TEMP%\server.exe
- %TEMP%\is-s3t1e.tmp\codesmart_2013_vb6.tmp
- %TEMP%\is-34gah.tmp\_isetup\_setup64.tmp
- %TEMP%\is-34gah.tmp\_isetup\_shfoldr.dll
- http://pa###bin.com/raw/G22mcBad
- DNS ASK pa###bin.com
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rarsfx0\server.dll.exe'
- '%TEMP%\server.exe'
- '%TEMP%\rarsfx0\codesmart_2013_vb6.exe'
- '%TEMP%\is-s3t1e.tmp\codesmart_2013_vb6.tmp' /SL5="$E0242,14849039,118784,%TEMP%\RarSFX0\codesmart_2013_vb6.exe"
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\server.exe" "server.exe" ENABLE' (со скрытым окном)