Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (a value of 0 turns Windows Firewall off for the standard profile)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- %TEMP%\1.tmp\K_finger_V1.5.cmd
- %TEMP%\1.tmp\MBRWiz.exe
- %TEMP%\1.tmp\Ghost32.exe
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\K_finger_V1.5.cmd" "
- '<SYSTEM32>\cmd.exe' /c date /t
- '<SYSTEM32>\cmd.exe' /c time /t
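- '<SYSTEM32>\netsh.exe' ad s a state off (appears to be a shortened form of "netsh advfirewall set allprofiles state off"; netsh accepts abbreviated keywords, so detections that match only the full keywords will miss this command line)
- '<SYSTEM32>\netsh.exe' f s o d (appears to be a shortened form of "netsh firewall set opmode disable", the legacy syntax for turning the firewall off)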
- '<SYSTEM32>\cmd.exe' /c hostname
- '<SYSTEM32>\hostname.exe'