Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to virus>' = '<Full path to virus>:*:Enabled:<Full path to virus>'
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="<Full path to virus>" dir=in action=allow program="<Full path to virus>" enable=yes
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<Full path to virus>" "<Full path to virus>" ENABLE
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'