Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ashWebSr' = '<SYSTEM32>\ashWebUpdate.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- Диспетчера задач (Taskmgr)
- Редактора реестра (RegEdit)
- <SYSTEM32>\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskmgr /t REG_DWORD /d 0x00000001 /f
- <SYSTEM32>\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 0x00000001 /f
- <SYSTEM32>\netsh.exe firewall set opmode disable
- <SYSTEM32>\sc.exe stop wscsvc
- <SYSTEM32>\sc.exe config wscsvc start= disabled
- <SYSTEM32>\ashWebUpdate.exe
- 'dr####a22.no-ip.biz':3232
- DNS ASK dr####a22.no-ip.biz
- ClassName: 'tapplication' WindowName: 'Error'