Total Defense Anti-virus
Security Center Version 9.0.0.773?
dotnetproxy.exe (CVE-2019-13355)
- Replace dotnetproxy.exe in %programdata%\TotalDefense\Consumer\ISS\9 with payload,
- Update the software or execute ccupdate.exe.
Demo
bdcore.dll (CVE-2019-13356)
- Replace bdcore.dll in %programdata%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2 with payload,
- Reboot system or restart the AMRT.exe service.
Demo
Other
Pretty much everything else in %programdata%\TotalDefense\ that runs as SYSTEM when updating... Yikes...
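
A defensive check for the pattern described above, as an added example that is not part of the original advisory: it lists directories and binaries under %programdata%\TotalDefense whose ACL lets any principal other than SYSTEM, Administrators or TrustedInstaller write, delete or re-permission them. It assumes the replacement is possible because of permissive ACLs, which the page does not state; the trusted-SID list, the extension filter and the function name Get-WeakAce are choices made for this example.

```powershell
# Root directory named on this page; adjust if the product stores data elsewhere.
$Root = Join-Path $env:ProgramData 'TotalDefense'

# Principals expected to hold write access to files that execute as SYSTEM.
$Trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow replacing or planting a file, or rewriting its ACL.
$WriteBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$GenericWrite = 0x50000000  # GENERIC_WRITE | GENERIC_ALL, seen on inherit-only ACEs

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($Trusted -contains $sid) { continue }
        $raw = [int]$ace.FileSystemRights
        if (($raw -band [int]$WriteBits) -or ($raw -band $GenericWrite)) {
            [pscustomobject]@{
                Path      = $Path
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (Test-Path -LiteralPath $Root) {
    # Check the root, every subdirectory, and every executable image below it.
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    $items |
        Where-Object { $_.PSIsContainer -or $_.Extension -in '.exe', '.dll', '.sys' } |
        ForEach-Object { Get-WeakAce -Path $_.FullName } |
        Sort-Object Path, Sid |
        Format-Table -AutoSize -Wrap
} else {
    Write-Output "Not found: $Root"
}
```

Any row for a broad group such as Users (S-1-5-32-545), Authenticated Users (S-1-5-11) or Everyone (S-1-1-0) means a standard user can change what the SYSTEM-level updater or service loads from that path.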

