Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- Блокирует запуск Диспетчера задач (Taskmgr) — параметр политики 'DisableTaskmgr' со значением 0x00000001
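- '<SYSTEM32>\reg.exe' stop wscsvc (так в отчёте: аргументы характерны для sc.exe, а не для reg.exe; то же несоответствие имени образа и аргументов встречается и в других строках списка, поэтому при поиске по журналам запуска процессов строку аргументов стоит сопоставлять независимо от имени образа)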
- '<SYSTEM32>\sc.exe' /pid=3620
- '<SYSTEM32>\reg.exe' firewall set opmode disable
- '<SYSTEM32>\reg.exe' /pid=784
- '<SYSTEM32>\reg.exe' /pid=2760
- '<SYSTEM32>\sc.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskmgr /t REG_DWORD /d 0x00000001 /f
- '<SYSTEM32>\sc.exe' /pid=808
- '<SYSTEM32>\sc.exe' /pid=3308
- '<SYSTEM32>\netsh.exe' firewall set opmode disable
- '<SYSTEM32>\sc.exe' config wscsvc start= disabled
- '<SYSTEM32>\sc.exe' stop wscsvc
- '<SYSTEM32>\reg.exe' ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskmgr /t REG_DWORD /d 0x00000001 /f
- '<SYSTEM32>\reg.exe' /pid=3256
- '<SYSTEM32>\sc.exe' firewall set opmode disable
- '<SYSTEM32>\sc.exe' /pid=1720
- <SYSTEM32>\netsh.exe
- <SYSTEM32>\reg.exe
- <SYSTEM32>\sc.exe
- 'dr####a22.no-ip.biz':3131
- DNS ASK dr####a22.no-ip.biz
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'