Техническая информация
- <SYSTEM32>\tasks\microsoft\windows\windowsupdate\sihpostbootmanager
- %WINDIR%\syswow64\cmd.exe
- %WINDIR%\servicemanager.exe
- %WINDIR%\shellinfrastructurehost\config.json
- 'ps##xi.su':443
- 'gi##ub.com':443
- 'ps##xi.su':443
- 'gi##ub.com':443
- DNS ASK google.com
- DNS ASK ps##xi.su
- DNS ASK gi##ub.com
- '%WINDIR%\servicemanager.exe'
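- '%WINDIR%\syswow64\cmd.exe' /C powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath %WINDIR% (со скрытым окном) — эта команда добавляет каталог %WINDIR% в список исключений Microsoft Defender, поэтому файлы в этом каталоге перестают проверяться антивирусом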
- '%WINDIR%\servicemanager.exe' (со скрытым окном)
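- '%WINDIR%\syswow64\cmd.exe' /C powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath %WINDIR% (для проверки системы: текущий список исключений Microsoft Defender выводит Get-MpPreference, свойство ExclusionPath)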