Техническая информация
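- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Gerenciador de Sessao' = '%ALLUSERSPROFILE%\snss.exe -noconsole SecurityTypes=VncAuth Password=2CACFCDE6C37A505 DisableClose=1 DisableOptions=1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Internet Explorer' = '"%ALLUSERSPROFILE%\iexplore.exe" /logon'
  (Оба значения в ключе Run обеспечивают автозапуск при входе пользователя в систему. Судя по параметрам SecurityTypes=VncAuth и Password, snss.exe, по-видимому, является VNC-сервером. Оба файла запускаются из %ALLUSERSPROFILE%, а не из системных каталогов, хотя записи названы «Gerenciador de Sessao» и «Windows Internet Explorer».)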
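- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
  (EnableFirewall = 0 отключает брандмауэр Windows для стандартного профиля, DoNotAllowExceptions = 0 разрешает исключения. То же действие выполняет команда netsh, приведённая ниже.)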
- %ALLUSERSPROFILE%\snss.exe -noconsole SecurityTypes=VncAuth Password=2CACFCDE6C37A505 DisableClose=1 DisableOptions=1
- <SYSTEM32>\netsh.exe firewall set opmode mode = disable
- %ALLUSERSPROFILE%\snss.exe
- %ALLUSERSPROFILE%\iexplore.exe
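- 'www.ci##4.com':80
- www.ci##4.com/modules/mod_dcslock.php
- DNS ASK www.ci##4.com
  (Символы «##» в имени домена, по-видимому, скрывают часть адреса в исходном описании, поэтому полное доменное имя по этим записям не восстанавливается. Обращение идёт к порту 80, то есть, вероятно, по незашифрованному HTTP.)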
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Shell_TrayWnd' WindowName: ''