Техническая информация
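- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Firewall' = '%WINDIR%\MicrosoftFirewall.exe' (ключ автозапуска: файл запускается при входе пользователя в систему; имя параметра имитирует брандмауэр Windows)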
- [<HKLM>\SYSTEM\ControlSet001\Services\RemoteRegistry] 'Start' = '00000002' (значение 2 — автоматический запуск службы удалённого реестра)
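- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (значение 0 — брандмауэр Windows отключён для стандартного профиля)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000' (значение 0 — брандмауэр Windows отключён для доменного профиля)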
- '%WINDIR%\MicrosoftFirewall.exe'
- '<SYSTEM32>\reg.exe' add \\127.0.0.1\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile /v EnableFirewall /t reg_dword /d 00000000 /F
- '<SYSTEM32>\reg.exe' add \\127.0.0.1\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v EnableFirewall /t reg_dword /d 00000000 /F
- '<SYSTEM32>\sc.exe' \\127.0.0.1 config RemoteRegistry start= auto
- '<SYSTEM32>\sc.exe' \\127.0.0.1 start RemoteRegistry
- %WINDIR%\MicrosoftFirewall.exe
- \Device\LanmanRedirector\127.0.0.1\PIPE\winreg
- \Device\LanmanRedirector\127.0.0.1\pipe\svcctl
- '12#.#08.27.183':6667 (адрес в источнике частично скрыт символами «#»; 6667 — порт, обычно используемый протоколом IRC)
- 'localhost':445