Техническая информация
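Изменения в реестре (параметры брандмауэра Windows для профиля StandardProfile): 'EnableFirewall' = 0 отключает брандмауэр, 'DoNotAllowExceptions' = 0 разрешает исключения, а запись в AuthorizedApplications\List добавляет winvnc.exe в список разрешённых приложений под именем OverSight.
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 'C:\System\SystemVnc\SystemFiles\winvnc.exe' = 'C:\System\SystemVnc\SystemFiles\winvnc.exe:*:Enabled:OverSight'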
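Запускаемые процессы и команды (заголовок раздела в тексте не сохранился, группировка предположительная): tskill завершает процессы по имени, netsh добавляет для winvnc.exe исключение брандмауэра и отключает брандмауэр, а ping 127.0.0.1 -n 3, вероятно, служит паузой.
- C:\System\SystemVnc\SystemFiles\lsoss.exe
- <SYSTEM32>\tskill.exe svcohst
- <SYSTEM32>\tskill.exe *0m3g4*
- <SYSTEM32>\ping.exe 127.0.0.1 -n 3
- <SYSTEM32>\tskill.exe lsoss
- <SYSTEM32>\netsh.exe firewall add allowedprogram "C:\System\SystemVnc\SystemFiles\winvnc.exe" "OverSight" ENABLE
- <SYSTEM32>\netsh.exe firewall set opmode disable
- <SYSTEM32>\cmd.exe /c ""C:\System\SystemVnc\SystemTemp\Relocate.bat""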
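Файлы, затрагиваемые в файловой системе (создаются они или удаляются, в тексте не указано). Имена svcohst.exe и lsoss.exe похожи на имена системных svchost.exe и lsass.exe, но не совпадают с ними; при проверке сверяйте имя и путь точно.
- C:\System\SystemVnc\SystemTemp\Relocate.bat
- <SYSTEM32>\svcohst.exe
- C:\System\SystemVnc\SystemFiles\lsoss.exe
- C:\System\SystemVnc\SystemFiles\ultravnc.ini
- C:\System\SystemVnc\SystemFiles\winvnc
- C:\System\SystemVnc\SystemFiles\SCHook
- C:\System\SystemVnc\SystemFiles\vnchooks
- C:\System\SystemVnc\SystemTemp\Relocate.bat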
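Сетевая активность: соединения (узел:порт), HTTP-запросы и DNS-запросы. Символы '#' в именах узлов, по-видимому, замещают символы, скрытые в исходном описании, поэтому эти строки не годятся для поиска по точному совпадению. Запросы wpad.dat и www.google.com, вероятно, не специфичны для данного образца.
- 'wh###smyip.org':80
- 'wp#d':80
- 'localhost':1036
- wh###smyip.org/
- wp#d/wpad.dat
- DNS ASK wh###smyip.org
- DNS ASK 0m###.Sytes.Net
- DNS ASK www.google.com
- DNS ASK wp#d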