Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'NT Kernel and System' = '<SYSTEM32>\ntkrnl64.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'NT Kernel and System' = '<SYSTEM32>\ntkrnl64.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'NT Kernel and System' = '<SYSTEM32>\ntkrnl64.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NT Kernel and System' = '<SYSTEM32>\ntkrnl64.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\ntkrnl64.exe' = '<SYSTEM32>\ntkrnl64.exe:*:Enabled:NT Kernel and System'
- <SYSTEM32>\ntkrnl64.exe
- <SYSTEM32>\ntkrnl64.exe 1
- <SYSTEM32>\ping.exe 127.0.0.1
- <SYSTEM32>\netsh.exe firewall add allowedprogram "<SYSTEM32>\ntkrnl64.exe" "NT Kernel and System" ENABLE
- <SYSTEM32>\ntkrnl64.exe
- '<IP-адрес в локальной сети>':6667
- ClassName: 'Indicator' WindowName: ''