Техническая информация
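Записи автозапуска в реестре (ключ Run); все три значения ссылаются на SKPNET.exe в каталоге TOKONET, во втором и третьем путь записан без буквы диска:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GDIFORCE64' = 'C:\TOKONET\SKPNET.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SKPNET' = '\TOKONET\SKPNET.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ICore5' = '\TOKONET\SKPNET.exe'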
- 'C:\TOKONET\SKPNET.exe'
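Команды, которые останавливают и удаляют службу WinDefend (Защитник Windows); такие вызовы net.exe, net1.exe и sc.exe стоит отслеживать в журналах создания процессов:
- '<SYSTEM32>\net1.exe' stop WinDefend
- '<SYSTEM32>\sc.exe' delete WinDefend
- '<SYSTEM32>\net.exe' stop WinDefend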
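Пути к файлам в каталоге C:\TOKONET (arquivo.zip указан дважды; тип операции с файлами в этом фрагменте не указан):
- C:\TOKONET\SKPNET.exe
- C:\TOKONET\arquivo.zip
- C:\TOKONET\arquivo.zip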
- ClassName: 'Shell_TrayWnd' WindowName: ''