Техническая информация
Автозагрузка — запись в ключе Run реестра текущего пользователя:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'wirar.bat' = '%PROGRAM_FILES%\WinRAR\wirar.bat'
Изменения параметров брандмауэра Windows (значение EnableFirewall, равное 0, отключает брандмауэр для стандартного профиля):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Командные строки запускаемых процессов (ключ -s: передаёт ftp.exe файл со сценарием команд; netsh включает и отключает брандмауэр):
- '<SYSTEM32>\ftp.exe' -s:c:\systn\2.txt
- '<SYSTEM32>\netsh.exe' firewall set opmode enable
- '<SYSTEM32>\msg.exe' *
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\1a.bat""
- '<SYSTEM32>\mode.com' 20,1
- '<SYSTEM32>\reg.exe' import urir.reg
- C:\systn\6666.txt
- C:\systn\2222.txt
- %HOMEPATH%\wf.txt
- C:\ok.txt
- C:\systn\2.txt
- C:\systn\7777.txt
- C:\wirar.bat
- C:\wf.txt
- %TEMP%\1.tmp\1a.bat
- %WINDIR%\wf.txt
- C:\systn\wf.txt
- C:\Urir.reg
- C:\systn\wf.txt
- C:\ok.txt
- %TEMP%\1.tmp\1a.bat
- C:\systn\7777.txt
- C:\systn\2.txt
- C:\systn\2222.txt
- C:\systn\6666.txt
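Сетевая активность (порт 21 — стандартный порт FTP; часть имени узла в источнике скрыта символами #):
- 'ma#####r11.net76.net':21
- 'localhost':1037
- DNS ASK ma#####r11.net76.net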
- ClassName: 'Indicator' WindowName: ''