Техническая информация
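- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '<SYSTEM32>\mizi\window.exe' (значение 'load' задаёт программу, запускаемую при входе пользователя в систему, — механизм автозапуска)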
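- <SYSTEM32>\net.exe stop SharedAccess (остановка службы SharedAccess — общий доступ к подключению к Интернету; в Windows XP эта же служба отвечает за брандмауэр Windows)
- <SYSTEM32>\net1.exe stop SharedAccess
- <SYSTEM32>\netsh.exe firewall set opmode mode-disable (команда отключения брандмауэра Windows)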
- <SYSTEM32>\cmd.exe /c <SYSTEM32>\mizi\stop.bat
- <SYSTEM32>\net.exe stop "Security Center" (остановка службы «Центр обеспечения безопасности»)
- <SYSTEM32>\net1.exe stop "Security Center"
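- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoClose' = '00000001' (политика, скрывающая команду завершения работы в меню «Пуск»)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001' (политика, убирающая пункт «Выполнить» из меню «Пуск»)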
- <SYSTEM32>\mizi\stop.bat
- <SYSTEM32>\mizi\autorun.inf
- <SYSTEM32>\mizi\stop.bat
- <SYSTEM32>\mizi\autorun.inf
- ClassName: 'AutoHotkey' WindowName: '<Полный путь к вирусу>'