Trojan.MulDrop18.7668

Техническая информация

Для обеспечения автозапуска и распространения

Устанавливает следующие настройки сервисов

[<HKLM>\System\CurrentControlSet\Services\Winmgmt] 'Start' = '00000002'

Вредоносные функции

Для затруднения выявления своего присутствия в системе

блокирует запуск следующих системных утилит:

Обновления системы (Windows Update)
Центр обеспечения безопасности (Security Center)
Системный антивирус (Защитник Windows)

Изменения в файловой системе

Создает следующие файлы

%TEMP%\bab7.tmp\bab8.tmp\bab9.bat
nul
%WINDIR%\temp\fwtsqmfile01.sqm

Другое

Запускает на исполнение

'<SYSTEM32>\cmd.exe' /c "%TEMP%\BAB7.tmp\BAB8.tmp\BAB9.bat <Полный путь к файлу>"
'<SYSTEM32>\sc.exe' stop ShellHWDetection
'<SYSTEM32>\sc.exe' config SgrmBroker start= disabled
'<SYSTEM32>\sc.exe' stop SgrmBroker
'<SYSTEM32>\sc.exe' config SysMain start= disabled
'<SYSTEM32>\sc.exe' stop SysMain
'<SYSTEM32>\sc.exe' config TieringEngineService start= disabled
'<SYSTEM32>\sc.exe' stop TieringEngineService
'<SYSTEM32>\sc.exe' stop lmhosts
'<SYSTEM32>\sc.exe' config StorSvc start= disabled
'<SYSTEM32>\sc.exe' config SharedRealitySvc start= disabled
'<SYSTEM32>\sc.exe' stop SharedRealitySvc
'<SYSTEM32>\sc.exe' config SCPolicySvc start= disabled
'<SYSTEM32>\sc.exe' stop SCPolicySvc
'<SYSTEM32>\sc.exe' config ScDeviceEnum start= disabled
'<SYSTEM32>\sc.exe' stop ScDeviceEnum
'<SYSTEM32>\sc.exe' config SCardSvr start= disabled
'<SYSTEM32>\sc.exe' stop StorSvc
'<SYSTEM32>\sc.exe' stop SCardSvr
'<SYSTEM32>\sc.exe' stop TapiSrv
'<SYSTEM32>\sc.exe' config TapiSrv start= disabled
'<SYSTEM32>\sc.exe' config TokenBroker start= disabled
'<SYSTEM32>\sc.exe' stop TokenBroker
'<SYSTEM32>\sc.exe' config wmiApSrv start= disabled
'<SYSTEM32>\sc.exe' stop wmiApSrv
'<SYSTEM32>\sc.exe' config WalletService start= disabled
'<SYSTEM32>\sc.exe' stop WalletService
'<SYSTEM32>\sc.exe' config UevAgentService start= disabled
'<SYSTEM32>\sc.exe' stop UsoSvc
'<SYSTEM32>\sc.exe' stop UevAgentService
'<SYSTEM32>\sc.exe' config UsoSvc start= disabled
'<SYSTEM32>\sc.exe' config TabletInputService start= disabled
'<SYSTEM32>\sc.exe' stop TabletInputService
'<SYSTEM32>\sc.exe' config tiledatamodelsvc start= disabled
'<SYSTEM32>\sc.exe' stop tiledatamodelsvc
'<SYSTEM32>\sc.exe' config Themes start= disabled
'<SYSTEM32>\sc.exe' stop Themes
'<SYSTEM32>\sc.exe' config lmhosts start= disabled
'<SYSTEM32>\sc.exe' config ShellHWDetection start= disabled
'<SYSTEM32>\sc.exe' config shpamsvc start= disabled
'<SYSTEM32>\sc.exe' stop shpamsvc
'<SYSTEM32>\sc.exe' stop TermService
'<SYSTEM32>\sc.exe' stop RemoteRegistry
'<SYSTEM32>\sc.exe' config RpcLocator start= disabled
'<SYSTEM32>\sc.exe' stop RpcLocator
'<SYSTEM32>\sc.exe' config UmRdpService start= disabled
'<SYSTEM32>\sc.exe' stop UmRdpService
'<SYSTEM32>\sc.exe' config TermService start= disabled
'<SYSTEM32>\sc.exe' config RemoteRegistry start= disabled
'<SYSTEM32>\sc.exe' stop RetailDemo
'<SYSTEM32>\sc.exe' config RetailDemo start= disabled
'<SYSTEM32>\sc.exe' config RasMan start= disabled
'<SYSTEM32>\sc.exe' stop RasMan
'<SYSTEM32>\sc.exe' config RasAuto start= disabled
'<SYSTEM32>\sc.exe' stop RasAuto
'<SYSTEM32>\sc.exe' config QWAVE start= disabled
'<SYSTEM32>\sc.exe' stop QWAVE
'<SYSTEM32>\sc.exe' stop SessionEnv
'<SYSTEM32>\sc.exe' stop RemoteAccess
'<SYSTEM32>\sc.exe' stop LanmanServer
'<SYSTEM32>\sc.exe' stop RmSvc
'<SYSTEM32>\sc.exe' config LanmanServer start= disabled
'<SYSTEM32>\sc.exe' stop SamSs
'<SYSTEM32>\sc.exe' config SensorService start= disabled
'<SYSTEM32>\sc.exe' stop SensorService
'<SYSTEM32>\sc.exe' config SensrSvc start= disabled
'<SYSTEM32>\sc.exe' stop SensrSvc
'<SYSTEM32>\sc.exe' config SensorDataService start= disabled
'<SYSTEM32>\sc.exe' stop SensorDataService
'<SYSTEM32>\sc.exe' config SamSs start= disabled
'<SYSTEM32>\sc.exe' config wscsvc start= disabled
'<SYSTEM32>\sc.exe' config RemoteAccess start= disabled
'<SYSTEM32>\sc.exe' stop wscsvc
'<SYSTEM32>\sc.exe' config seclogon start= disabled
'<SYSTEM32>\sc.exe' stop seclogon
'<SYSTEM32>\sc.exe' config SNMPTRAP start= disabled
'<SYSTEM32>\sc.exe' stop SNMPTRAP
'<SYSTEM32>\sc.exe' config RmSvc start= disabled
'<SYSTEM32>\sc.exe' config WpcMonSvc start= disabled
'<SYSTEM32>\sc.exe' config SessionEnv start= disabled
'<SYSTEM32>\sc.exe' stop WebClient
'<SYSTEM32>\sc.exe' stop wcncsvc
'<SYSTEM32>\sc.exe' stop xbgm
'<SYSTEM32>\sc.exe' config XboxGipSvc start= disabled
'<SYSTEM32>\sc.exe' stop XboxGipSvc
'<SYSTEM32>\sc.exe' config LanmanWorkstation start= disabled
'<SYSTEM32>\sc.exe' stop LanmanWorkstation
'<SYSTEM32>\sc.exe' config WaaSMedicSvc start= disabled
'<SYSTEM32>\sc.exe' stop WaaSMedicSvc
'<SYSTEM32>\sc.exe' config perceptionsimulation start= disabled
'<SYSTEM32>\sc.exe' config wuauserv start= disabled
'<SYSTEM32>\sc.exe' config W32Time start= disabled
'<SYSTEM32>\sc.exe' stop W32Time
'<SYSTEM32>\sc.exe' config WSearch start= disabled
'<SYSTEM32>\sc.exe' stop WSearch
'<SYSTEM32>\sc.exe' config WinRM start= disabled
'<SYSTEM32>\sc.exe' stop WinRM
'<SYSTEM32>\sc.exe' config spectrum start= disabled
'<SYSTEM32>\sc.exe' stop wuauserv
'<SYSTEM32>\sc.exe' stop spectrum
'<SYSTEM32>\sc.exe' config xbgm start= disabled
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ConsentUxUserSvc" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UserDataSvc" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\OneSyncSvc" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PrintWorkflowUserSvc" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MessagingService" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BcastDVRUserService" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DevicePickerUserSvc" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\sc.exe' config XblAuthManager start= disabled
'<SYSTEM32>\sc.exe' stop XblAuthManager
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CaptureService" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDPUserSvc" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BluetoothUserService" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\sc.exe' config XboxNetApiSvc start= disabled
'<SYSTEM32>\sc.exe' stop XboxNetApiSvc
'<SYSTEM32>\sc.exe' config XblGameSave start= disabled
'<SYSTEM32>\sc.exe' stop XblGameSave
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\sc.exe' stop perceptionsimulation
'<SYSTEM32>\sc.exe' stop WpnService
'<SYSTEM32>\sc.exe' stop lltdsvc
'<SYSTEM32>\sc.exe' config wcncsvc start= disabled
'<SYSTEM32>\sc.exe' config WinDefend start= disabled
'<SYSTEM32>\sc.exe' stop WinDefend
'<SYSTEM32>\sc.exe' config WdNisSvc start= disabled
'<SYSTEM32>\sc.exe' stop WdNisSvc
'<SYSTEM32>\sc.exe' config Sense start= disabled
'<SYSTEM32>\sc.exe' stop Sense
'<SYSTEM32>\sc.exe' config WEPHOSTSVC start= disabled
'<SYSTEM32>\sc.exe' config SecurityHealthService start= disabled
'<SYSTEM32>\sc.exe' stop WEPHOSTSVC
'<SYSTEM32>\sc.exe' stop FrameServer
'<SYSTEM32>\sc.exe' config WbioSrvc start= disabled
'<SYSTEM32>\sc.exe' stop WbioSrvc
'<SYSTEM32>\sc.exe' config SDRSVC start= disabled
'<SYSTEM32>\sc.exe' stop SDRSVC
'<SYSTEM32>\sc.exe' config WFDSConMgrSvc start= disabled
'<SYSTEM32>\sc.exe' config FrameServer start= disabled
'<SYSTEM32>\sc.exe' stop WerSvc
'<SYSTEM32>\sc.exe' config FontCache3.0.0.0 start= disabled
'<SYSTEM32>\sc.exe' config WebClient start= disabled
'<SYSTEM32>\sc.exe' stop SecurityHealthService
'<SYSTEM32>\sc.exe' stop FontCache3.0.0.0
'<SYSTEM32>\sc.exe' config WMPNetworkSvc start= disabled
'<SYSTEM32>\sc.exe' stop WMPNetworkSvc
'<SYSTEM32>\sc.exe' config icssvc start= disabled
'<SYSTEM32>\sc.exe' stop icssvc
'<SYSTEM32>\sc.exe' config LicenseManager start= disabled
'<SYSTEM32>\sc.exe' stop LicenseManager
'<SYSTEM32>\sc.exe' config wisvc start= disabled
'<SYSTEM32>\sc.exe' stop wisvc
'<SYSTEM32>\sc.exe' config StiSvc start= disabled
'<SYSTEM32>\sc.exe' stop StiSvc
'<SYSTEM32>\sc.exe' config FontCache start= disabled
'<SYSTEM32>\sc.exe' stop FontCache
'<SYSTEM32>\sc.exe' config Wecsvc start= disabled
'<SYSTEM32>\sc.exe' stop Wecsvc
'<SYSTEM32>\sc.exe' config WerSvc start= disabled
'<SYSTEM32>\sc.exe' stop WFDSConMgrSvc
'<SYSTEM32>\sc.exe' stop WpcMonSvc
'<SYSTEM32>\sc.exe' config PcaSvc start= disabled
'<SYSTEM32>\sc.exe' stop PcaSvc
'<SYSTEM32>\sc.exe' stop DusmSvc
'<SYSTEM32>\sc.exe' stop DPS
'<SYSTEM32>\sc.exe' config diagsvc start= disabled
'<SYSTEM32>\sc.exe' stop diagsvc
'<SYSTEM32>\sc.exe' config DoSvc start= disabled
'<SYSTEM32>\sc.exe' stop DoSvc
'<SYSTEM32>\sc.exe' config DusmSvc start= disabled
'<SYSTEM32>\sc.exe' config WdiServiceHost start= disabled
'<SYSTEM32>\sc.exe' stop WdiServiceHost
'<SYSTEM32>\sc.exe' config CertPropSvc start= disabled
'<SYSTEM32>\sc.exe' config VaultSvc start= disabled
'<SYSTEM32>\sc.exe' stop VaultSvc
'<SYSTEM32>\sc.exe' config DiagTrack start= disabled
'<SYSTEM32>\sc.exe' stop DiagTrack
'<SYSTEM32>\sc.exe' config ClipSVC start= disabled
'<SYSTEM32>\sc.exe' stop ClipSVC
'<SYSTEM32>\sc.exe' stop CDPSvc
'<SYSTEM32>\sc.exe' config CDPSvc start= disabled
'<SYSTEM32>\sc.exe' config WdiSystemHost start= disabled
'<SYSTEM32>\sc.exe' stop CertPropSvc
'<SYSTEM32>\sc.exe' stop EFS
'<SYSTEM32>\sc.exe' config FDResPub start= disabled
'<SYSTEM32>\sc.exe' stop FDResPub
'<SYSTEM32>\sc.exe' config fdPHost start= disabled
'<SYSTEM32>\sc.exe' stop fdPHost
'<SYSTEM32>\sc.exe' config MapsBroker start= disabled
'<SYSTEM32>\sc.exe' stop WdiSystemHost
'<SYSTEM32>\sc.exe' config EFS start= disabled
'<SYSTEM32>\sc.exe' stop MapsBroker
'<SYSTEM32>\sc.exe' config dmwappushservice start= disabled
'<SYSTEM32>\sc.exe' stop dmwappushservice
'<SYSTEM32>\sc.exe' config MSDTC start= disabled
'<SYSTEM32>\sc.exe' stop MSDTC
'<SYSTEM32>\sc.exe' config TrkWks start= disabled
'<SYSTEM32>\sc.exe' stop TrkWks
'<SYSTEM32>\sc.exe' config DisplayEnhancementService start= disabled
'<SYSTEM32>\sc.exe' stop DisplayEnhancementService
'<SYSTEM32>\sc.exe' config PeerDistSvc start= disabled
'<SYSTEM32>\sc.exe' stop PeerDistSvc
'<SYSTEM32>\sc.exe' stop AppXSvc
'<SYSTEM32>\sc.exe' stop AJRouter
'<SYSTEM32>\sc.exe' START Dhcp
'<SYSTEM32>\sc.exe' START DeviceInstall
'<SYSTEM32>\sc.exe' START AppInfo
'<SYSTEM32>\sc.exe' START TrustedInstaller
'<SYSTEM32>\sc.exe' config AppXSvc start= disabled
'<SYSTEM32>\sc.exe' START Winmgmt
'<SYSTEM32>\sc.exe' CONFIG AppInfo start= demand
'<SYSTEM32>\sc.exe' CONFIG TrustedInstaller start= demand
'<SYSTEM32>\sc.exe' CONFIG Winmgmt start= auto
'<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -ExecutionPolicy Bypass -NoExit -Command Checkpoint-Computer -Description RestorePoint -RestorePointType MODIFY_SETTINGS;
'<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -NoExit -Command "Checkpoint-Computer -Description "RestorePoint" -Res...
'<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /V "SystemRestorePointCreationFrequency" /T REG_DWORD /D 0 /F
'<SYSTEM32>\timeout.exe' 3 /nobreak
'<SYSTEM32>\sc.exe' CONFIG DeviceInstall start= demand
'<SYSTEM32>\sc.exe' stop ALG
'<SYSTEM32>\sc.exe' config ALG start= disabled
'<SYSTEM32>\sc.exe' config AJRouter start= disabled
'<SYSTEM32>\sc.exe' stop AppMgmt
'<SYSTEM32>\sc.exe' stop BthHFSrv
'<SYSTEM32>\sc.exe' stop BDESVC
'<SYSTEM32>\sc.exe' config bthserv start= disabled
'<SYSTEM32>\sc.exe' stop bthserv
'<SYSTEM32>\sc.exe' config BTAGService start= disabled
'<SYSTEM32>\sc.exe' stop BTAGService
'<SYSTEM32>\sc.exe' config wbengine start= disabled
'<SYSTEM32>\sc.exe' stop wbengine
'<SYSTEM32>\sc.exe' config BDESVC start= disabled
'<SYSTEM32>\sc.exe' config BITS start= disabled
'<SYSTEM32>\sc.exe' config BthHFSrv start= disabled
'<SYSTEM32>\sc.exe' stop BITS
'<SYSTEM32>\sc.exe' config AssignedAccessManagerSvc start= disabled
'<SYSTEM32>\sc.exe' stop AssignedAccessManagerSvc
'<SYSTEM32>\sc.exe' config tzautoupdate start= disabled
'<SYSTEM32>\sc.exe' stop tzautoupdate
'<SYSTEM32>\sc.exe' config AppMgmt start= disabled
'<SYSTEM32>\sc.exe' stop EntAppSvc
'<SYSTEM32>\sc.exe' config EntAppSvc start= disabled
'<SYSTEM32>\sc.exe' config DPS start= disabled
'<SYSTEM32>\sc.exe' stop fhsvc
'<SYSTEM32>\sc.exe' stop CscService
'<SYSTEM32>\sc.exe' config InstallService start= disabled
'<SYSTEM32>\sc.exe' config NaturalAuthentication start= disabled
'<SYSTEM32>\sc.exe' stop NaturalAuthentication
'<SYSTEM32>\sc.exe' config MSiSCSI start= disabled
'<SYSTEM32>\sc.exe' stop MSiSCSI
'<SYSTEM32>\sc.exe' config SmsRouter start= disabled
'<SYSTEM32>\sc.exe' stop SmsRouter
'<SYSTEM32>\sc.exe' config defragsvc start= disabled
'<SYSTEM32>\sc.exe' config CscService start= disabled
'<SYSTEM32>\sc.exe' stop defragsvc
'<SYSTEM32>\sc.exe' stop smphost
'<SYSTEM32>\sc.exe' config AppVClient start= disabled
'<SYSTEM32>\sc.exe' stop AppVClient
'<SYSTEM32>\sc.exe' config wlidsvc start= disabled
'<SYSTEM32>\sc.exe' stop wlidsvc
'<SYSTEM32>\sc.exe' config diagnosticshub.standardcollector.service start= disabled
'<SYSTEM32>\sc.exe' config smphost start= disabled
'<SYSTEM32>\sc.exe' stop SEMgrSvc
'<SYSTEM32>\sc.exe' config PrintNotify start= disabled
'<SYSTEM32>\sc.exe' stop diagnosticshub.standardcollector.service
'<SYSTEM32>\sc.exe' config fhsvc start= disabled
'<SYSTEM32>\sc.exe' stop PrintNotify
'<SYSTEM32>\sc.exe' config Spooler start= disabled
'<SYSTEM32>\sc.exe' stop Spooler
'<SYSTEM32>\sc.exe' config WPDBusEnum start= disabled
'<SYSTEM32>\sc.exe' stop WPDBusEnum
'<SYSTEM32>\sc.exe' config PhoneSvc start= disabled
'<SYSTEM32>\sc.exe' stop PhoneSvc
'<SYSTEM32>\sc.exe' config pla start= disabled
'<SYSTEM32>\sc.exe' stop pla
'<SYSTEM32>\sc.exe' config p2pimsvc start= disabled
'<SYSTEM32>\sc.exe' stop p2pimsvc
'<SYSTEM32>\sc.exe' config p2psvc start= disabled
'<SYSTEM32>\sc.exe' stop p2psvc
'<SYSTEM32>\sc.exe' config PNRPsvc start= disabled
'<SYSTEM32>\sc.exe' stop PNRPsvc
'<SYSTEM32>\sc.exe' config SEMgrSvc start= disabled
'<SYSTEM32>\sc.exe' stop InstallService
'<SYSTEM32>\sc.exe' config WpnService start= disabled
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UnistoreSvc" /v Start /t REG_DWORD /d 00000004 /f
'<SYSTEM32>\sc.exe' config SharedAccess start= disabled
'<SYSTEM32>\sc.exe' stop vmicshutdown
'<SYSTEM32>\sc.exe' config vmicguestinterface start= disabled
'<SYSTEM32>\sc.exe' stop vmicguestinterface
'<SYSTEM32>\sc.exe' config vmickvpexchange start= disabled
'<SYSTEM32>\sc.exe' stop vmickvpexchange
'<SYSTEM32>\sc.exe' config hns start= disabled
'<SYSTEM32>\sc.exe' stop vmicheartbeat
'<SYSTEM32>\sc.exe' stop hns
'<SYSTEM32>\sc.exe' stop HvHost
'<SYSTEM32>\sc.exe' config HomeGroupProvider start= disabled
'<SYSTEM32>\sc.exe' stop HomeGroupProvider
'<SYSTEM32>\sc.exe' config HomeGroupListener start= disabled
'<SYSTEM32>\sc.exe' stop HomeGroupListener
'<SYSTEM32>\sc.exe' config lfsvc start= disabled
'<SYSTEM32>\sc.exe' stop lfsvc
'<SYSTEM32>\sc.exe' config HvHost start= disabled
'<SYSTEM32>\sc.exe' config vmicheartbeat start= disabled
'<SYSTEM32>\sc.exe' config vmicshutdown start= disabled
'<SYSTEM32>\sc.exe' stop vmicvmsession
'<SYSTEM32>\sc.exe' stop SharedAccess
'<SYSTEM32>\sc.exe' stop iphlpsvc
'<SYSTEM32>\sc.exe' config irmon start= disabled
'<SYSTEM32>\sc.exe' stop irmon
'<SYSTEM32>\sc.exe' config PolicyAgent start= disabled
'<SYSTEM32>\sc.exe' stop PolicyAgent
'<SYSTEM32>\sc.exe' config IpxlatCfgSvc start= disabled
'<SYSTEM32>\sc.exe' stop IpxlatCfgSvc
'<SYSTEM32>\sc.exe' config iphlpsvc start= disabled
'<SYSTEM32>\sc.exe' config IEEtwCollectorService start= disabled
'<SYSTEM32>\sc.exe' config vmicvmsession start= disabled
'<SYSTEM32>\sc.exe' stop IEEtwCollectorService
'<SYSTEM32>\sc.exe' config vmicvss start= disabled
'<SYSTEM32>\sc.exe' stop vmicvss
'<SYSTEM32>\sc.exe' config vmictimesync start= disabled
'<SYSTEM32>\sc.exe' stop vmictimesync
'<SYSTEM32>\sc.exe' config vmicrdv start= disabled
'<SYSTEM32>\sc.exe' stop vmicrdv
'<SYSTEM32>\sc.exe' config lltdsvc start= disabled
'<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpnUserService" /v Start /t REG_DWORD /d 00000004 /f

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней