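Technical Information

The entries below are behavioural indicators recorded for the sample; the report's section headings appear to be missing from this copy. In order, the list gives: registry values under the Windows Firewall StandardProfile key (EnableFirewall set to 0); command lines launched, mostly tskill/taskkill against security-product process names and net stop against the Windows Firewall (MpsSvc), Windows Update (wuauserv), Security Center (wscsvc) and Windows Defender (WinDefend) services; a list of process image names; file paths; network endpoints and a DNS query; and window class names.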
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- '<SYSTEM32>\tskill.exe' /A pav*
- '<SYSTEM32>\tskill.exe' /A padmin
- '<SYSTEM32>\tskill.exe' /A cpd*
- '<SYSTEM32>\tskill.exe' /A pop*
- '<SYSTEM32>\tskill.exe' /A panda*
- '<SYSTEM32>\tskill.exe' /A syman*
- '<SYSTEM32>\tskill.exe' /A virus*
- '<SYSTEM32>\tskill.exe' /A avsch*
- '<SYSTEM32>\tskill.exe' /A sche*
- '<SYSTEM32>\tskill.exe' /A pcc*
- '<SYSTEM32>\tskill.exe' /A ccc*
- '<SYSTEM32>\tskill.exe' /A npfmn*
- '<SYSTEM32>\tskill.exe' /A norton*
- '<SYSTEM32>\tskill.exe' /A norton au*
- '<SYSTEM32>\tskill.exe' /A loge*
- '<SYSTEM32>\tskill.exe' /A tmp*
- '<SYSTEM32>\tskill.exe' /A tmn*
- '<SYSTEM32>\tskill.exe' /A nisum*
- '<SYSTEM32>\tskill.exe' /A issvc
- '<SYSTEM32>\tskill.exe' /A realm*
- '<SYSTEM32>\net.exe' stop "MpsSvc"
- '<SYSTEM32>\net1.exe' stop "MpsSvc"
- '<SYSTEM32>\net.exe' stop "wuauserv"
- '<SYSTEM32>\net1.exe' stop "wuauserv"
- '<SYSTEM32>\taskkill.exe' /f /t /im "FirewallControlPanel.exe"
- '<SYSTEM32>\wscript.exe' "<Current directory>\msgbox.vbs"
- '<SYSTEM32>\tskill.exe' explorer.exe
- '<SYSTEM32>\net.exe' stop "wscsvc"
- '<SYSTEM32>\net1.exe' stop "wscsvc"
- '<SYSTEM32>\taskkill.exe' /f /t /im "MSASCui.exe"
- '<SYSTEM32>\tskill.exe' /A ad-*
- '<SYSTEM32>\tskill.exe' /A safe*
- '<SYSTEM32>\tskill.exe' /A sweep*
- '<SYSTEM32>\tskill.exe' /A scan*
- '<SYSTEM32>\tskill.exe' /A avas*
- '<SYSTEM32>\net.exe' stop "WinDefend"
- '<SYSTEM32>\net1.exe' stop "WinDefend"
- '<SYSTEM32>\tskill.exe' /A norm*
- '<SYSTEM32>\tskill.exe' /A offg*
- '<SYSTEM32>\tskill.exe' /A cc*
- '<SYSTEM32>\tskill.exe' /A SAFEWEB
- '<SYSTEM32>\tskill.exe' /A OUTPOST
- '<SYSTEM32>\tskill.exe' /A KAV*
- '<SYSTEM32>\tskill.exe' /A ZONEALARM
- '<SYSTEM32>\tskill.exe' /A nv*
- '<SYSTEM32>\tskill.exe' /A ESAFE
- '<SYSTEM32>\tskill.exe' /A cle
- '<SYSTEM32>\tskill.exe' /A nav*
- '<SYSTEM32>\tskill.exe' /A F-*
- '<SYSTEM32>\tskill.exe' /A PersFw
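- '<SYSTEM32>\net1.exe' stop “Security Center” (the quote characters were mis-encoded in this copy; typographic quotes are the likely original, so command-line matching should not assume ASCII quotes)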
- '<SYSTEM32>\netsh.exe' firewall set opmode mode=disable
- '<SYSTEM32>\cmd.exe' /c ""<Current directory>\temp.bat""
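- '<SYSTEM32>\net.exe' stop “Security Center” (the quote characters were mis-encoded in this copy; typographic quotes are the likely original, so command-line matching should not assume ASCII quotes)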
- '<SYSTEM32>\tskill.exe' /A av*
- '<SYSTEM32>\tskill.exe' /A spy*
- '<SYSTEM32>\tskill.exe' /A bullguard
- '<SYSTEM32>\tskill.exe' /A fire*
- '<SYSTEM32>\tskill.exe' /A anti*
- '<SYSTEM32>\tskill.exe' /A BLACKICE
- '<SYSTEM32>\tskill.exe' /A msiexec
- '<SYSTEM32>\tskill.exe' /A isafe
- '<SYSTEM32>\tskill.exe' /A mcafe*
- '<SYSTEM32>\tskill.exe' /A mghtml
- '<SYSTEM32>\tskill.exe' /A zap*
- '<SYSTEM32>\tskill.exe' /A zlclien*
- '<SYSTEM32>\tskill.exe' /A minilog
- '<SYSTEM32>\tskill.exe' /A zauinst
- '<SYSTEM32>\tskill.exe' /A upd*
- '<SYSTEM32>\tskill.exe' /A msmp*
- '<SYSTEM32>\tskill.exe' /A avg*
- '<SYSTEM32>\tskill.exe' /A ash*
- '<SYSTEM32>\tskill.exe' /A def*
- '<SYSTEM32>\tskill.exe' /A kav
- '<SYSTEM32>\tskill.exe' /A aswupdsv
- '<SYSTEM32>\tskill.exe' /A guar*
- '<SYSTEM32>\tskill.exe' /A gcasDt*
- '<SYSTEM32>\tskill.exe' /A ewid*
- '<SYSTEM32>\tskill.exe' /A guard*
- outpost.exe
- NAVAPW32.EXE
- firefox.exe
- ZONEALARM.EXE
- ash.exe
- GUARD.EXE
- zapro.exe
- ashAvast.exe
- ashAvSrv.exe
- AVGCTRL.EXE
- AVP.COM
- avgcc.exe
- AVGCC32.EXE
- AVP.EXE
- AVPM.EXE
- AVSYNMGR.EXE
- AVP32.EXE
- AVPCC.EXE
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\meatspin[1]
- <Current directory>\msgbox.vbs
- <Current directory>\temp.bat
- <Current directory>\codetalk.vbs
- 'www.me###pin.com':80
- 'localhost':1035
- www.me###pin.com/
- DNS ASK www.me###pin.com
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: '' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'IEFrame' WindowName: '(null)'