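Техническая информация
Ниже перечислены наблюдаемые артефакты без подзаголовков: изменения реестра (автозапуск и список разрешённых приложений брандмауэра), командные строки запускаемых процессов, пути к файлам и класс окна.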
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MS-Windows-secretly' = '<SYSTEM32>\borg.exe' (параметр в ключе Run: borg.exe запускается автоматически при входе пользователя в систему)
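- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\ftp.exe' = '<SYSTEM32>\ftp.exe:*:Enabled:WebBrowsing' (ftp.exe внесён в список разрешённых приложений брандмауэра Windows под именем WebBrowsing)
- <SYSTEM32>\netsh.exe firewall add allowedprogram <SYSTEM32>\ftp.exe WebBrowsing ENABLE (исключение для ftp.exe добавляется также командой netsh; имя правила WebBrowsing не соответствует программе ftp.exe — это несоответствие можно использовать как признак при проверке правил брандмауэра)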
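- %WINDIR%\regedit.exe /S "%HOMEPATH%\Local Settings\Temp.\kill.reg" (ключ /S — тихий импорт .reg-файла без запроса подтверждения; содержимое kill.reg на странице не приведено)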
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\syssvr.bat" "
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\reg.bat" "
- <DRIVERS>\config.sys
- <SYSTEM32>\system.bat
- %TEMP%\kill.reg
- <SYSTEM32>\borg.exe
- <SYSTEM32>\reg.bat
- <SYSTEM32>\syssvr.bat
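- %TEMP%\kill.reg (путь указан в списке повторно; страница не уточняет, какие из перечисленных файлов создаются, а какие удаляются)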
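- ClassName: 'RegEdit_RegEdit' WindowName: '' (RegEdit_RegEdit — класс главного окна редактора реестра regedit.exe; вероятно, это окно, которое ищет программа, — на странице это не уточнено)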