Technical Information
Malicious functions:
Executes the following:
- <SYSTEM32>\mmc.exe devmgmt.msc
- <SYSTEM32>\net1.exe stop srservice
- <SYSTEM32>\rundll32.exe USER32.DLL,UpdatePerUserSystemParameters
- <SYSTEM32>\net.exe stop srservice
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''