Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002' (тип запуска службы: автоматически)
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SecurityHealthService] 'ImagePath' = '<SYSTEM32>\SecurityHealthService.exe'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000' (брандмауэр Windows отключён для доменного профиля)
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (брандмауэр Windows отключён для стандартного профиля)
- http://lo###sap.net/down/ip.php
- DNS ASK lo###sap.net
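- '%WINDIR%\syswow64\cmd.exe' /c "bcdedit /set {current} nx AlwaysOff" (со скрытым окном) — отключает DEP (предотвращение выполнения данных) для текущей загрузочной записи; изменение действует после перезагрузки
- '%WINDIR%\syswow64\cmd.exe' /c "netsh advfirewall set allprofiles state off" (со скрытым окном) — отключает брандмауэр Windows для всех профилей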
- '%WINDIR%\syswow64\cmd.exe' /c "bcdedit /set {current} nx AlwaysOff"
- '%WINDIR%\syswow64\cmd.exe' /c "netsh advfirewall set allprofiles state off"
- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state off