Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Regisatry Name' = 'C:\RECYCLER\trythis.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 'C:\RECYCLER\trythis.exe' = 'C:\RECYCLER\trythis.exe:*:Enabled:RSBX'
- C:\RECYCLER\trythis.exe
- <SYSTEM32>\cmd.exe /c C:\FBJEN.bat
- <SYSTEM32>\netsh.exe firewall add allowedprogram C:\RECYCLER\trythis.exe RSBX ENABLE
- <SYSTEM32>\cmd.exe /c C:\CKMLM.bat
- <SYSTEM32>\cmd.exe /c C:\NIBDM.bat
- C:\RECYCLER\trythis.exe
- C:\FBJEN.bat
- C:\CKMLM.bat
- C:\NIBDM.bat
- 'ir#.##mesurge.net':6667
- DNS ASK ir#.##mesurge.net