Техническая информация
Обеспечивает автозапуск через раздел реестра Run текущего пользователя:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windowsmoon' = 'C:\moon.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windowsxoxo' = '%WINDIR%\xoxo.exe'
Отключает брандмауэр Windows (значения политики стандартного профиля в реестре и команда netsh):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- %WINDIR%\xoxo.exe
- %WINDIR%\xoxo.exe
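Сетевая активность (узел и порт подключения, затем DNS-запрос; часть имени узла в отчёте заменена символами ###):
- '7.###77789.com':250
- DNS ASK 7.###77789.com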
- '%WINDIR%\xoxo.exe'
Командные строки (присвоение файлу атрибутов «только чтение», «системный» и «скрытый», запись в автозапуск, отключение брандмауэра):
- '<SYSTEM32>\cmd.exe' /c attrib +R +S +H %WINDIR%\xoxo.exe
- '<SYSTEM32>\cmd.exe' /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v Windowsmoon /t reg_sz /d "C:\moon.exe" /f
- '<SYSTEM32>\cmd.exe' /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v Windowsxoxo /t reg_sz /d "%WINDIR%\xoxo.exe" /f
- '<SYSTEM32>\cmd.exe' /c netsh firewall set opmode disable
- '<SYSTEM32>\attrib.exe' +R +S +H %WINDIR%\xoxo.exe
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v Windowsmoon /t reg_sz /d "C:\moon.exe" /f
- '<SYSTEM32>\reg.exe' add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v Windowsxoxo /t reg_sz /d "%WINDIR%\xoxo.exe" /f