Technical Information
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
- User Account Control (UAC)
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- %TEMP%\3012
- DNS ASK 21####t.no-ip.biz
- ClassName: '' WindowName: 'AVG Firewall Asks for Confirmation'
- ClassName: '' WindowName: 'BitDefender Firewall'
- ClassName: '' WindowName: 'Firewall Alert'
- ClassName: '' WindowName: 'Network event'
- ClassName: '' WindowName: 'Confirm network connection'
- ClassName: '' WindowName: 'Panda Internet Security 2011'
- '%TEMP%\3012' 3012
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f (with hidden window)
- '%TEMP%\3012' 3012 (with hidden window)
- '<SYSTEM32>\netsh.exe' firewall set opmode disable (with hidden window)
- '<SYSTEM32>\reg.exe' ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f