Техническая информация
- Центр обеспечения безопасности (Security Center)
- 'C:\Amdj\nircmd.exe' regsetval dword "HKLM\SOFTWARE\Microsoft\Security Center" "AntiVirusDisableNotify" 1
- 'C:\Amdj\nircmd.exe' regsetval dword "HKLM\SOFTWARE\Microsoft\Security Center" "FirewallDisableNotify" 1
- 'C:\Amdj\nircmd.exe' regsetval dword "HKLM\Software\Policies\Microsoft\Windows Defender" "DisableAntiSpyware" 1
- 'C:\Amdj\nircmd.exe' regsetval dword "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" "ConsentPromptBehaviorAdmin" 0
- '<SYSTEM32>\attrib.exe' +s +a +h c:\Amdj\*
- '<SYSTEM32>\attrib.exe' +s +a +h c:\Amdj
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tmp1.tmp.bat" "
- C:\Amdj\Data1e1.bin
- C:\Amdj\Data1d1.bin
- C:\Amdj\Data1c1.bin
- %TEMP%\tmp1.tmp.bat
- C:\Amdj\Data2.bin
- C:\Amdj\Data1g1.bin
- C:\Amdj\Data1b1.bin
- C:\Amdj\task.exe
- C:\Amdj\nircmd.exe
- C:\Amdj\smsss.exe
- C:\Amdj\Data1a1.bin
- C:\Amdj\Data.bin
- C:\Amdj\msvcr110.dll
- C:\Amdj\msvcr110.dll
- C:\Amdj\Data2.bin
- C:\Amdj\Data1g1.bin
- C:\Amdj\task.exe
- C:\Amdj\smsss.exe
- C:\Amdj\nircmd.exe
- C:\Amdj\Data1b1.bin
- C:\Amdj\Data1a1.bin
- C:\Amdj\Data.bin
- C:\Amdj\Data1e1.bin
- C:\Amdj\Data1d1.bin
- C:\Amdj\Data1c1.bin