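Техническая информация
Ниже перечислены изменения в реестре, сетевые обращения и запускаемые команды; имя домена частично скрыто символами «#». Параметр 'Start' = 2 задаёт автоматический запуск службы IKEEXT, а 'EnableFirewall' = 0 отключает брандмауэр Windows для доменного и стандартного профилей. Команды Set-MpPreference, Set-NetFirewallProfile и netsh advfirewall отключают защиту в реальном времени Microsoft Defender и брандмауэр во всех профилях; при включённой защите от подделки (Tamper Protection) изменение параметра DisableRealtimeMonitoring блокируется. Запуск этих команд и изменение указанных параметров реестра можно использовать как признаки для обнаружения.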
- [<HKLM>\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- http://ch####upreme.com/Xor/version.txt
- DNS ASK ch####upreme.com
- '%WINDIR%\syswow64\cmd.exe' /c powershell Set-MpPreference -DisableRealtimeMonitoring 1
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Set-MpPreference -DisableRealtimeMonitoring 1
- '%WINDIR%\syswow64\cmd.exe' /c powershell Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall set allprofiles state off
- '%WINDIR%\syswow64\netsh.exe' advfirewall set allprofiles state off
- '%WINDIR%\syswow64\cmd.exe' /c cls