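Техническая информация
Ниже перечислены изменения в реестре, запускаемые команды и сетевая активность образца. Судя по этим записям, он отключает брандмауэр Windows, добавляет себя в список разрешённых приложений под именем «Windows Messanger» (написание как в образце) и пытается остановить Security Center и WinDefend. Символы «#» в сетевых адресах, по-видимому, скрывают часть имени, поэтому эти строки нельзя использовать как точные индикаторы.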
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Полный путь к вирусу>' = '<Полный путь к вирусу>:*:Enabled:Windows Messanger'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- '<SYSTEM32>\net.exe' stop security center
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- '<SYSTEM32>\net1.exe' stop security center
- '<SYSTEM32>\net1.exe' stop WinDefend
- '<SYSTEM32>\reg.exe' ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "<Полный путь к вирусу>" /t REG_SZ /d "<Полный путь к вирусу>:*:Enabled:Windows Messanger" /f
- '<SYSTEM32>\reg.exe' ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "EnableFirewall" /t REG_DWORD /d "0" /f
- '<SYSTEM32>\net.exe' stop WinDefend
- '<SYSTEM32>\reg.exe' ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f
- 'my#s.me':80
- 'ko#####cum.blogspot.com':80
- 'wh##.amung.us':80
- my#s.me/log5.php?lo###################################
- ko#####cum.blogspot.com/
- wh##.amung.us/swidget/sansurexe.pnh
- DNS ASK my#s.me
- DNS ASK ko#####cum.blogspot.com
- DNS ASK wh##.amung.us