Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'WindowsDefender' = 'regsvr32.exe /s "%PROGRAMDATA%\Software\Microsoft\Windows\Defender\AutoUpdate.dll"'
- %PROGRAMDATA%\software\microsoft\windows\defender\autoupdate.dll
- %PROGRAMDATA%\temp\7d27.tmp.bat
- DNS ASK pa###.#igfile.hol.es
- '%WINDIR%\syswow64\regsvr32.exe' /s "%PROGRAMDATA%\Software\Microsoft\Windows\Defender\AutoUpdate.dll"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %PROGRAMDATA%\temp\7D27.tmp.bat
- '%WINDIR%\syswow64\regsvr32.exe' /s "%PROGRAMDATA%\Software\Microsoft\Windows\Defender\AutoUpdate.dll"