Техническая информация
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'GoogleUpdate' = '%PROGRAMDATA%\GoogleUpdate.exe' (запись автозапуска; имя, по-видимому, имитирует Google Update)
- %PROGRAMDATA%\googleupdate.exe
- '78.##.212.123':5200
- ClassName: '' WindowName: '1071437/1740'
- ClassName: '' WindowName: ''
- ClassName: '' WindowName: '1082812/1516'
- '%PROGRAMDATA%\googleupdate.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\ (со скрытым окном) — команда добавляет весь диск C:\ в исключения проверки Microsoft Defender
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\