Technical information
- <SYSTEM32>\tasks\windowstaskcoreupdate
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=in action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=out action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes
- %APPDATA%\72c8fd7f64d3455aab469588519018ab\a586d5e4e04a482eb96e4dfd68cdfee0.vbs
- http://to###ames.com/steam.lock
- http://dv###ideofr.com/pack.dll
- DNS ASK fa###ook.com
- DNS ASK gm###down.com
- DNS ASK to###ames.com
- DNS ASK dv###ideofr.com
- '<SYSTEM32>\schtasks.exe' /create /ru system /tn WindowsTaskCoreUpdate /sc onstart /tr "%APPDATA%\72C8FD7F64D3455AAB469588519018AB\A586D5E4E04A482EB96E4DFD68CDFEE0.vbs" /f /rl highest' (with hidden window)
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=in action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes' (with hidden window)
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="WindowsIndexerCoreUpdate" dir=out action=allow description="WindowsIndexerCoreUpdate" program="<SYSTEM32>\wscript.exe" enable=yes' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /ru system /tn WindowsTaskCoreUpdate /sc onstart /tr "%APPDATA%\72C8FD7F64D3455AAB469588519018AB\A586D5E4E04A482EB96E4DFD68CDFEE0.vbs" /f /rl highest