Техническая информация
- <SYSTEM32>\tasks\mfa
- <SYSTEM32>\tasks\mfakillswitch
- <SYSTEM32>\tasks\wordwebmfa
- '<SYSTEM32>\schtasks.exe' /create /RU "NT AUTHORITY\SYSTEM" /SC ONLOGON /TN MFA /TR %PROGRAMDATA%\MFAApp\MFA.exe /RL HIGHEST /F
- '<SYSTEM32>\schtasks.exe' /create /RU "NT AUTHORITY\SYSTEM" /TN MFAKillSwitch /TR %PROGRAMDATA%\MFAApp\KillMFAApp.exe /RL HIGHEST /F /SC ONEVENT /EC Application /MO *[LogMeIn/EventID=20334353]
- '<SYSTEM32>\schtasks.exe' /create /RU BUILTIN\Users /TN WordWebMFA /TR %PROGRAMDATA%\MFAApp\Files\LaunchDocandWebsite.bat /F /SC ONEVENT /EC Application /MO *[LogMeIn/EventID=2033434453]
- '<SYSTEM32>\schtasks.exe' /run /TN MFA