Technical Information
- Windows Defender
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{CDA5593E-6C64-4C82-921F-42CFDBDECB69}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions] 'exe' = ''
- [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions] 'exe' = ''
- <SYSTEM32>\grouppolicy\gpt.ini
- <SYSTEM32>\grouppolicy\machine\registry.pol
- %ALLUSERSPROFILE%\ntuser.pol
- '20#.#7.104.60':80
- '19#.#2.32.118':80
- '94.##2.138.131':80
- '94.##2.138.113':80
- http://94.##2.138.131/api/tracemap.php
- '<SYSTEM32>\svchost.exe' -k secsvcs
- '<SYSTEM32>\raserver.exe' /offerraupdate