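Техническая информация

Ниже перечислены артефакты: файл задания планировщика, правила брандмауэра для wscript.exe, созданный VBS-файл, сетевые запросы (HTTP и DNS) и запущенные команды. Домены частично замаскированы символами ###, поэтому для точного сопоставления они непригодны; полностью приведены имя задания WindowsTaskCoreUpdate, имя правила брандмауэра WindowsIndexerCoreUpdate и путь к VBS-файлу.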
- <SYSTEM32>\tasks\windowstaskcoreupdate
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=in action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=out action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes
- %APPDATA%\cf32e62221ab4c9d8a98c28f90568561\37ecddce5991476a8ce335551808a909.vbs
- http://to###ames.com/steam.lock
- http://dv###ideofr.com/pack.dll
- DNS ASK fa###ook.com
- DNS ASK gm###down.com
- DNS ASK to###ames.com
- DNS ASK dv###ideofr.com
- '<SYSTEM32>\schtasks.exe' /create /ru system /tn WindowsTaskCoreUpdate /sc onstart /tr "%APPDATA%\CF32E62221AB4C9D8A98C28F90568561\37ECDDCE5991476A8CE335551808A909.vbs" /f /rl highest (со скрытым окном)
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=in action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes (со скрытым окном)
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=out action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /create /ru system /tn WindowsTaskCoreUpdate /sc onstart /tr "%APPDATA%\CF32E62221AB4C9D8A98C28F90568561\37ECDDCE5991476A8CE335551808A909.vbs" /f /rl highest