Техническая информация
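- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'system32' = '<SYSTEM32>\system32.exe'
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\system32.exe
  (оба пункта — точки автозапуска: параметр в ключе Run и копия файла в общей папке автозагрузки; штатного файла system32.exe в Windows нет, поэтому само наличие файла с таким именем уже является признаком заражения)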
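- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
  (оба параметра относятся к стандартному профилю брандмауэра Windows; 'EnableFirewall' = 0 означает, что брандмауэр отключён. На проверяемой системе активным набором может быть не ControlSet001, поэтому эти значения следует проверять в соответствующем ключе CurrentControlSet)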
- <SYSTEM32>\netsh.exe firewall set opmode mode=disable
- <SYSTEM32>\attrib.exe +s +h <SYSTEM32>\system32.exe
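- <SYSTEM32>\taskkill.exe /f /im wscntfy.exe (wscntfy.exe — процесс уведомлений Центра обеспечения безопасности Windows; после его принудительного завершения пользователь не видит в области уведомлений предупреждения об отключённом брандмауэре)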
- <SYSTEM32>\attrib.exe +s +h %ALLUSERSPROFILE%\Start Menu\Programs\Startup\system32.exe
- <SYSTEM32>\system32.exe
- <SYSTEM32>\system32.exe
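- 'vr##.hopto.org':80
- DNS ASK vr##.hopto.org
  (символы «##» в имени узла, по-видимому, скрывают часть адреса, поэтому в приведённом виде запись нельзя использовать как готовый индикатор для блокировки; hopto.org — домен сервиса динамического DNS, так что IP-адрес узла может меняться)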
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''