Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'System' = '<SYSTEM32>\SchostHq.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\HFU Service] 'Start' = '00000002'
- Средство контроля пользовательских учетных записей (UAC)
- '<SYSTEM32>\HFUService.exe'
- '<SYSTEM32>\SchostHq.exe'
- '<SYSTEM32>\HFUService.exe' /install /silent
- '<SYSTEM32>\cacls.exe' "<DRIVERS>\etc\hosts" /e /c /g Everyone:F
- '<SYSTEM32>\sc.exe' stop wuauserv
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;'
- %TEMP%\Incendio.pdf
- %TEMP%\32F2F.dmp
- %TEMP%\dw.log
- <SYSTEM32>\libcurl.dll
- <SYSTEM32>\ConfReader.conf
- <SYSTEM32>\SchostHq.exe
- <SYSTEM32>\HFUService.exe
- <SYSTEM32>\SchostHq.exe
- %TEMP%\Incendio.pdf
- <SYSTEM32>\HFUService.exe
- <SYSTEM32>\ConfReader.conf
- <SYSTEM32>\libcurl.dll
- 'pa####-network.cc':21
- DNS ASK pa####-network.cc
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'TForm_Incendio' WindowName: 'Form_Incendio'