Техническая информация
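- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdate' = '%APPDATA%\AutoWindowsUpdate\win32update.exe'
  (автозапуск при входе пользователя в систему; параметр назван как системный компонент, но указывает на исполняемый файл в %APPDATA% — на такое несоответствие стоит обращать внимание при проверке ключей Run)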
- %APPDATA%\autowindowsupdate\win32update.exe
- 'ht##bin.org':443
- 'x.##2.us':80
- 'microsoft.com':80
- http://x.##2.us/x.cer
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'ht##bin.org':443
- DNS ASK ht##bin.org
- DNS ASK x.##2.us
- DNS ASK microsoft.com
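- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'WindowsUpdate';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'Windows...
  (удаляет параметр 'WindowsUpdate' в ключе Run и заново создаёт параметр в том же ключе; командная строка в отчёте обрезана, поэтому полное имя и значение создаваемого параметра здесь не видны)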
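- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\
  (добавляет весь диск C:\ в исключения Microsoft Defender, то есть файлы на нём перестают проверяться; изменение видно в выводе Get-MpPreference, поле ExclusionPath, и в событии 5007 журнала Microsoft-Windows-Windows Defender/Operational)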
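- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows Defender Security Center\\Notifications' -Name DisableNotifications -Value 1
  (судя по имени параметра, отключает уведомления Центра безопасности Защитника Windows, так что пользователь не видит предупреждений; запись в HKLM требует прав администратора)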
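- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Set-MpPreference -PUAProtection 1
  (значение 1 включает защиту от потенциально нежелательных приложений, а не отключает её; в отличие от двух предыдущих команд, эта настройка сама по себе защиту не ослабляет)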