Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002' (автоматический запуск службы)
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000' (брандмауэр Windows отключён для доменного профиля)
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (брандмауэр Windows отключён для стандартного профиля)
- %ProgramFiles(x86)%\resources\roboto.ttf
- %ProgramFiles(x86)%\resources\fontawesome.ttf
- %WINDIR%\xtreme.sys
- %WINDIR%\inject.dll
- %WINDIR%\swex.exe
- %ALLUSERSPROFILE%\socket.config.ini
- 'ap###ocket.xyz':80
- http://ap###ocket.xyz/hax/check-version
- DNS ASK ap###ocket.xyz
- '%WINDIR%\syswow64\cmd.exe' /C netsh advfirewall set allprofiles state off (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /C netsh advfirewall set allprofiles state on (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /C netsh advfirewall set allprofiles state off
- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state off
- '%WINDIR%\syswow64\cmd.exe' /C netsh advfirewall set allprofiles state on
- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state on
- '%WINDIR%\syswow64\cmd.exe' /c pause >nul