Technical information
- <SYSTEM32>\tasks\windowstaskcoreupdate
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=in action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=out action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes
- %APPDATA%\ded60d07624d42d5abf32e64380c2a50\cca73a88a632443c9368c93cc16926d8.vbs
- http://to###ames.com/steam.lock
- http://dv###ideofr.com/pack.dll
- DNS ASK fa###ook.com
- DNS ASK gm###down.com
- DNS ASK to###ames.com
- DNS ASK dv###ideofr.com
- '<SYSTEM32>\schtasks.exe' /create /ru system /tn WindowsTaskCoreUpdate /sc onstart /tr "%APPDATA%\DED60D07624D42D5ABF32E64380C2A50\CCA73A88A632443C9368C93CC16926D8.vbs" /f /rl highest' (with hidden window)
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=in action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes' (with hidden window)
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=out action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /ru system /tn WindowsTaskCoreUpdate /sc onstart /tr "%APPDATA%\DED60D07624D42D5ABF32E64380C2A50\CCA73A88A632443C9368C93CC16926D8.vbs" /f /rl highest