Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- <SYSTEM32>\netsh.exe firewall set opmode disable
- <SYSTEM32>\netsh.exe firewall add allowedprogram %WINDIR%\Help\iexplorer.exe Scanner ENABLE
- <SYSTEM32>\setup.exe
- <SYSTEM32>\netsh.exe firewall add portopening protocol=ALL port=16661 name="(Firewall enable)" mode=ENABLE scope=SUBNET profile=DOMAIN
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\Temp\a00986.bat" <Полный путь к вирусу>"
- <SYSTEM32>\netsh.exe firewall add portopening protocol=TCP port=16661 name="(Firewall enable)" mode=ENABLE scope=SUBNET profile=DOMAIN
- <SYSTEM32>\netsh.exe firewall add portopening protocol=UDP port=16661 name="(Firewall enable)" mode=ENABLE scope=SUBNET profile=DOMAIN
- %WINDIR%\Temp\a00986.bat
- %WINDIR%\Temp\a00986.bat
- %WINDIR%\Temp\a00986.bat
- ClassName: 'Shell_TrayWnd' WindowName: ''