Technical information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows-Audio Driver' = '%PROGRAMDATA%\wscntfy.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Windows-Network Component' = '%CommonProgramFiles(x86)%\lsmass.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{c84d25cd-f368-11e4-889d-806e6f6e6963}] 'StubPath' = '%PROGRAMDATA%\wscntfy.exe -r'
- hidden files
- User Account Control (UAC)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram program="%PROGRAMDATA%\wscntfy.exe" name="Windows-Audio Driver" mode=ENABLE scope=ALL profile=ALL
- %PROGRAMDATA%\wscntfy.exe
- %CommonProgramFiles(x86)%\lsmass.exe
- %PROGRAMDATA%\wscntfy.exe
- %CommonProgramFiles(x86)%\lsmass.exe
- http://46.##6.163.101/zemra/gate.php
- '%PROGRAMDATA%\wscntfy.exe'
- '%CommonProgramFiles(x86)%\lsmass.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /hint /ETOnly 0 /OnProfiles 6 /OtherAllowed 3 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%PROGRAMDATA%\wscntfy.exe"