Technical Information
- <SYSTEM32>\tasks\<File name>
- <SYSTEM32>\tasks\smss
- <SYSTEM32>\tasks\explorer
- Windows Defender
- C:\far2\documentation\rus\<File name>.exe
- C:\far2\documentation\rus\c9392dbc98faad140a5c976f0876fbca5c95b953
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\smss.exe
- C:\recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\69ddcba757bf72f7d36c464c71f42baab150b2b9
- %WINDIR%\enterprise\explorer.exe
- %WINDIR%\enterprise\7a0fd90576e08807bde2cc57bcf9854bbce05fe3
- '37.##0.116.78':80
- 'C:\far2\documentation\rus\<File name>.exe'
- 'C:\far2\documentation\rus\<File name>.exe' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "<File name>" /sc ONLOGON /tr "'C:\Far2\Documentation\rus\<File name>.exe'" /rl HIGHEST /f
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "smss" /sc ONLOGON /tr "'C:\Recovery\1195d5a8-f371-11e4-9c00-dd3082671db2\smss.exe'" /rl HIGHEST /f
- '%WINDIR%\syswow64\schtasks.exe' /create /tn "explorer" /sc ONLOGON /tr "'%WINDIR%\Enterprise\explorer.exe'" /rl HIGHEST /f
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose