Техническая информация
- %WINDIR%\Tasks\Parker.job
- %WINDIR%\Tasks\Tasker.job
- <SYSTEM32>\wscript.exe /B "%APPDATA%\msddn.vbs"
- <SYSTEM32>\schtasks.exe /Create /SC minute /mo 30 /TN Parker /TR "wscript.exe /B """%APPDATA%\msddn.vbs"""" /RU SYSTEM
- <SYSTEM32>\schtasks.exe /Create /TN Tasker /TR "wscript.exe /B """%HOMEPATH%\sec.vbe"""" /SC ONLOGON /RU SYSTEM
- %APPDATA%\msddn.vbs
- %ALLUSERSPROFILE%\0
- %ALLUSERSPROFILE%\idt
- %APPDATA%\msddn.vbs
- 'wv#.##rewallwin.com':8083
- DNS ASK wv#.##rewallwin.com
- ClassName: '' WindowName: 'Universal Termsrv.dll Patch (x86)'
- ClassName: '' WindowName: 'Universal Termsrv.dll Patch (x64)'