Техническая информация
- <SYSTEM32>\tasks\update logon
- <SYSTEM32>\tasks\update daily
- %TEMP%\nss8891.tmp
- %ProgramFiles(x86)%\search core systems\update\uninstall.exe
- %ProgramFiles(x86)%\search core systems\update\update.exe
- %TEMP%\nsc891e.tmp\nsexec.dll
- %TEMP%\nsc891e.tmp\system.dll
- %TEMP%\nsc891e.tmp\nsexec.dll
- %TEMP%\nsc891e.tmp\system.dll
- DNS ASK re######g.dynamo-media.com
- '%ProgramFiles(x86)%\search core systems\update\update.exe' install
- '%WINDIR%\syswow64\schtasks.exe' /Delete /TN "Update Logon"' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /Delete /TN "Update Daily"' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /Create /RU SYSTEM /SC ONLOGON /TN "Update Logon" /TR "\"%ProgramFiles(x86)%\Search Core Systems\Update\update.exe\" heartbeat" /RL highest' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /Create /RU SYSTEM /SC Daily /TN "Update Daily" /TR "\"%ProgramFiles(x86)%\Search Core Systems\Update\update.exe\" heartbeat" /RL highest' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /Delete /TN "Update Logon"
- '%WINDIR%\syswow64\schtasks.exe' /Delete /TN "Update Daily"
- '%WINDIR%\syswow64\schtasks.exe' /Create /RU SYSTEM /SC ONLOGON /TN "Update Logon" /TR "\"%ProgramFiles(x86)%\Search Core Systems\Update\update.exe\" heartbeat" /RL highest
- '%WINDIR%\syswow64\schtasks.exe' /Create /RU SYSTEM /SC Daily /TN "Update Daily" /TR "\"%ProgramFiles(x86)%\Search Core Systems\Update\update.exe\" heartbeat" /RL highest