Техническая информация
- '<SYSTEM32>\schtasks.exe' /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
- '<SYSTEM32>\conhost.exe'
- '<SYSTEM32>\wsqmcons.exe'
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Полный путь к вирусу>"
- '<SYSTEM32>\wbem\WMIADAP.EXE' /F /T /R
- <SYSTEM32>\LogFiles\Scm\e204093d-d39b-4197-b349-682b23d6ebb4
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp
- <SYSTEM32>\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
- C:\ProgramData\Microsoft\RAC\Temp\sql277C.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sql279D.tmp