Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ming' = '<Full path to file>'
- C:\$RECYCLE.BIN-98411992192-69118pp\Csrss360.exe
- \Device\LanmanRedirector\10.0.0.2\admin$\csrss.exe
- <Full path to file>
- <SYSTEM32>\config\AppEvent.Evt
- <SYSTEM32>\config\SecEvent.Evt
- C:\$RECYCLE.BIN-98411992192-69118pp\Csrss360.exe
- C:\$RECYCLE.BIN-98411992192-69118pp\Csrss360.exe
- '<LOCALNET_GATEWAY>':445
- '<LOCALNET_GATEWAY>':139
- '<LOCALNET_GATEWAY>':80
- '<LOCALNET>.0.2':445
- '<LOCALNET>.0.2':80
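- '<SYSTEM32>\cmd.exe' /c reg add "HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f
- '<SYSTEM32>\cmd.exe' /c reg add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations /v ModRiskFileTypes /t REG_SZ /d .exe;.bat;.vbs /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Defender" /v "DisableAntiSpyware" /d 1 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations /v ModRiskFileTypes /t REG_SZ /d .exe;.bat;.vbs /f
Note: the registry key paths in the four command lines above are reproduced as they appear on this page, without backslash separators; it cannot be determined from this page whether the separators were lost in the sample's own command string or in rendering. The keys presumably meant are HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender, where DisableAntiSpyware = 1 is the policy value that turns Windows Defender off, and HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations, where ModRiskFileTypes lists .exe, .bat and .vbs as moderate-risk file types for Attachment Manager. Command-line detections built from these entries should match both the recorded form and the backslash-separated form.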