Technical Information
- Windows Defender (policy settings set through the Group Policy registry entries listed below)
- [\REGISTRY\USER\S-1-5-21-1238866942-1249195528-555854008-1000\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{9190DE37-207E-4D73-B402-B4EFC7A5C7D4}Machine\SOFTWARE\Policies\Micr...
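- [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions] 'exe' = '' (policy-level exclusion: files with the .exe extension are skipped by Windows Defender scans; an unexpected value under this key is worth alerting on)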
- %WINDIR%\syswow64\grouppolicy\gpt.ini
- <SYSTEM32>\grouppolicy\machine\registry.pol
- <SYSTEM32>\grouppolicy\gpt.ini
- %ALLUSERSPROFILE%\ntuser.pol
- '94.##2.138.131':80
- 'ip##fo.io':443
- 'db##p.com':443
- 'ma##ind.com':80
- 'ma##ind.com':443
- http://94.##2.138.131/api/tracemap.php
- http://www.ma##ind.com/geoip/v2.1/city/me
- '34.##9.100.209':443
- 'ip##fo.io':443
- 'db##p.com':443
- 'ma##ind.com':443
- '34.##0.144.191':443
- DNS ASK ip##fo.io
- DNS ASK db##p.com
- DNS ASK ap#.#b-ip.com
- DNS ASK ma##ind.com
- '<SYSTEM32>\svchost.exe' -k secsvcs
- '<SYSTEM32>\raserver.exe' /offerraupdate