Техническая информация
- Параметр реестра (список приложений, разрешённых в брандмауэре Windows): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\vs.exe' = '%TEMP%\vs.exe:*:Enabled:ST3Server'
- '%TEMP%\vs.exe' -run
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="ST3Server" dir=out action=allow program="%TEMP%\vs.exe" enable=yes
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="ST3Server" dir=in action=allow program="%TEMP%\vs.exe" enable=yes
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\vs.exe" "ST3Server" ENABLE
- %TEMP%\vs.exe
- %TEMP%\UltraVNC.ini
- %TEMP%\vnchooks.dll
- 'localhost':5900 (5900 — порт VNC по умолчанию; согласуется с файлами UltraVNC.ini и vnchooks.dll в списке выше)
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'AutoHotkey' WindowName: '<Полный путь к вирусу>'