Техническая информация
- <SYSTEM32>\tasks\svchosts
- Обновления системы (Windows Update)
- %APPDATA%\microsoftcompabilitytelemetry.exe
- '%WINDIR%\syswow64\cmd.exe' /C powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\,%APPDATA%' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /C schtasks /create /tn svchosts /tr %APPDATA%\MicrosoftCompabilityTelemetry.exe /sc onlogon' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /C reagentc.exe /disable' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /C sc config wuauserv start= disabled' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /C powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\,%APPDATA%
- '%WINDIR%\syswow64\cmd.exe' /C schtasks /create /tn svchosts /tr %APPDATA%\MicrosoftCompabilityTelemetry.exe /sc onlogon
- '%WINDIR%\syswow64\cmd.exe' /C reagentc.exe /disable
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\,%APPDATA%
- '%WINDIR%\syswow64\cmd.exe' /C sc config wuauserv start= disabled
- '%WINDIR%\syswow64\reagentc.exe' /disable
- '%WINDIR%\syswow64\sc.exe' config wuauserv start= disabled
- '%WINDIR%\syswow64\schtasks.exe' /create /tn svchosts /tr %APPDATA%\MicrosoftCompabilityTelemetry.exe /sc onlogon