Техническая информация
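- Запись автозапуска в реестре: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Windows10 defender' = '%APPDATA%\subDir\Windows10 defender.exe' (имя параметра имитирует название штатного компонента Windows, но исполняемый файл расположен в профиле пользователя, в %APPDATA%)
- Файл задания планировщика: <SYSTEM32>\tasks\windows10 defender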
- windows10 defender.exe
- %APPDATA%\subdir\windows10 defender.exe
- %APPDATA%\subdir\windows10 defender.exe
- %APPDATA%\subdir\windows10 defender.exe
- Сетевое соединение: '23######-51228.portmap.host':51228 (часть имени узла в описании скрыта символами «#»)
- DNS-запрос (DNS ASK): 23######-51228.portmap.host
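- Запуск процесса, создающего задание планировщика «Windows10 defender» (/sc ONLOGON — запуск при входе в систему, /rl HIGHEST — с наивысшими правами, /f — перезапись существующего задания): '%WINDIR%\syswow64\schtasks.exe' /create /tn "Windows10 defender" /sc ONLOGON /tr "<Полный путь к файлу>" /rl HIGHEST /f
- То же задание, но с путём к копии файла в %APPDATA%: '%WINDIR%\syswow64\schtasks.exe' /create /tn "Windows10 defender" /sc ONLOGON /tr "%APPDATA%\SubDir\Windows10 defender.exe" /rl HIGHEST /f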