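Техническая информация
Ниже перечислены связанные с образцом записи реестра, командные строки и пути файлов; подзаголовки разделов в этом тексте отсутствуют. Обозначения <HKLM>, <SYSTEM32> и <DRIVERS> — условные подстановки отчёта для куста реестра и системных каталогов, а не буквальные строки.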
Записи реестра (автозапуск пакетного файла через раздел Run и параметры стандартного профиля брандмауэра Windows; EnableFirewall = 0 означает, что брандмауэр отключён):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'PWNAGE' = '<DRIVERS>\dd.bat'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
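Командные строки (по порядку: запись параметра автозапуска PWNAGE в раздел Run; отключение брандмауэра Windows; установка параметра политики DisableTaskMgr, блокирующего диспетчер задач, для текущего пользователя; перестановка функций кнопок мыши):
- <SYSTEM32>\reg.exe add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v PWNAGE /t REG_SZ /d <DRIVERS>\dd.bat /f
- <SYSTEM32>\netsh.exe firewall set opmode disable
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_SZ /d 1 /f
- <SYSTEM32>\rundll32.exe user32,SwapMouseButton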
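Пути файлов (в основном в корне диска C:). Все числовые имена на странице укладываются в диапазон 0–32767, что характерно для случайных значений вроде %RANDOM% в пакетных файлах. Вероятно, набор имён меняется от запуска к запуску, поэтому для обнаружения надёжнее признак «множество .txt-файлов с числовыми именами в корне C:», чем конкретные имена:
- C:\9192.txt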
- C:\16367.txt
- C:\15368.txt
- C:\1716.txt
- C:\16065.txt
- C:\22964.txt
- C:\15290.txt
- C:\14236.txt
- C:\5513.txt
- C:\32130.txt
- C:\7085.txt
- C:\23320.txt
- C:\8538.txt
- C:\21863.txt
- C:\5207.txt
- C:\28308.txt
- C:\16490.txt
- C:\25728.txt
- C:\25473.txt
- C:\6611.txt
- C:\7088.txt
- C:\25408.txt
- C:\14120.txt
- C:\11371.txt
- C:\24356.txt
- C:\13224.txt
- C:\3549.txt
- C:\7903.txt
- C:\12123.txt
- C:\16686.txt
- C:\25.txt
- C:\5505.txt
- C:\20684.txt
- C:\16731.txt
- %TEMP%\281287RE.bat
- C:\14645.txt
- C:\23360.txt
- C:\5202.txt
- C:\20759.txt
- C:\1452.txt
- C:\10759.txt
- C:\26590.txt
- C:\30218.txt
- C:\9644.txt
- C:\9467.txt
- C:\31885.txt
- C:\5960.txt
- C:\13654.txt
- C:\979.txt
- C:\20820.txt
- C:\14441.txt
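- %TEMP%\281287RE.bat (путь уже приведён выше; возможно, повторная запись относится к отдельному разделу отчёта, например к списку удаляемых файлов, заголовок которого здесь отсутствует)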