Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- User Account Control (UAC)
- '<SYSTEM32>\netsh.exe' advfirewall set allprofiles state off
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- '<SYSTEM32>\netsh.exe' dvfirewall firewall set opmode disable
- '<SYSTEM32>\reg.exe' Add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\DEL cash.bat"
- '<SYSTEM32>\reg.exe' Add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments /v SaveZoneInformation /t REG_DWORD /d 0 /f
- '<SYSTEM32>\reg.exe' Add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations /v LowRiskFileTypes /t REG_SZ /d .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;....
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;....
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments] 'SaveZoneInformation' = '00000000'
- %TEMP%\DEL cash.bat
- %TEMP%\aut1.tmp
- %TEMP%\aut1.tmp