Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WINDOWS DEFENDER' = '<SYSTEM32>:windefender.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{18C0FA11-5D45-2B0D-2CAB-7E4B43CBB677}] 'StubPath' = '<SYSTEM32>:windefender.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>:windefender.exe
- 'te####.dnsfor.me':3460
- 'localhost':3460
- DNS ASK te####.dnsfor.me