Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update.exe' = '%APPDATA%\Update.exe'
- %APPDATA%\Update.exe
- '<Полный путь к файлу>'
- '<SYSTEM32>\sc.exe' stop MpsSvc
- '<SYSTEM32>\sc.exe' config MpsSvc start= disabled
- '<SYSTEM32>\sc.exe' delete MpsSvc
- '<SYSTEM32>\sc.exe' stop SharedAccess
- '<SYSTEM32>\sc.exe' config SharedAccess start= disabled
- '<SYSTEM32>\sc.exe' delete SharedAccess
- '<SYSTEM32>\sc.exe' stop Windows Defender (managed by AlwaysUpService)
- '<SYSTEM32>\sc.exe' config Windows Defender (managed by AlwaysUpService) start= disabled
- '<SYSTEM32>\sc.exe' delete Windows Defender (managed by AlwaysUpService)