Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to virus>' = '<Full path to virus>:*:Enabled:<Virus name>.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program = "<Full path to virus>" name = <Virus name>.exe mode = ENABLE scope = ALL
- <SYSTEM32>\d3d9caps.dat
- ClassName: 'SysListView32' WindowName: ''