Техническая информация
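- Средство контроля пользовательских учетных записей (UAC) — отключается записью значения EnableLUA = 0 в раздел реестра Policies\System (см. команду reg.exe ниже)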
- C:\Temp\Statement.exe
- <SYSTEM32>\sc.exe delete windefend
- <SYSTEM32>\sc.exe delete wuauserv
- <SYSTEM32>\sc.exe delete SharedAccess
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v HIDESCAHEALTH /t REG_DWORD /d 1 /f
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v AllowElevatedProcess /t REG_DWORD /d 1 /f
- <SYSTEM32>\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
- <SYSTEM32>\sc.exe delete MpsSvc
- <SYSTEM32>\sc.exe stop MpsSvc
- <SYSTEM32>\taskkill.exe /F /IM msseces.exe
- <SYSTEM32>\cmd.exe /c ""%TEMP%\1.tmp\Statement.bat" "
- <SYSTEM32>\sc.exe stop windefend
- <SYSTEM32>\sc.exe stop wuauserv
- <SYSTEM32>\sc.exe stop SharedAccess
- C:\Temp\sip.exe
- C:\Temp\Statement.exe
- %TEMP%\1.tmp\Statement.bat
- C:\Temp\Statement.doc
- C:\Temp\Matrix.exe
- C:\Temp\rar.exe
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''