Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdate' = '%APPDATA%\WinwowsUpdate\winupdater.exe'
- %APPDATA%\winwowsupdate\winupdater.exe
- 'ht##bin.org':443
- 'x.##2.us':80
- 'di##ord.com':443
- 'ht##bin.org':443
- 'di##ord.com':443
- DNS ASK ht##bin.org
- DNS ASK x.##2.us
- DNS ASK di##ord.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'WindowsUpdate';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'Windows...
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\ (adds the entire C:\ drive to the Microsoft Defender scan exclusions)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows Defender Security Center\\Notifications' -Name DisableNotifications -Value 1 (suppresses Windows Security notifications; writing under HKLM requires administrative rights)
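- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Set-MpPreference -PUAProtection 1 (for this parameter the value 1 means Enabled, so the command turns potentially-unwanted-application protection on rather than off)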