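Техническая информация
Ниже перечислены артефакты, по которым можно выявить заражение: запись автозапуска в реестре, файлы в каталогах %APPDATA%\suport и %TEMP%, а также командные строки системных утилит (schtasks.exe, cmd.exe, attrib.exe).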
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsDefenderTasksuport' = '%APPDATA%\suport\son.bat'
- %APPDATA%\suport\son.bat
- %APPDATA%\suport\nircmd.exe
- %APPDATA%\suport\scvhots.exe (имя похоже на системное svchost.exe, но с переставленными буквами)
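- %TEMP%\tmp1.tmp.bat
- %TEMP%\tmp1.tmp.bat
  (путь указан дважды; заголовки разделов, которые поясняли бы различие между записями, в этом фрагменте не сохранились)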
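- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 2 /tn "WindowsDefenderTasksuport" /tr "powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -Command [Reflection.Assembly]::Load([System.Convert]::Frombase64St...
  (командная строка в источнике обрезана, закодированная в Base64 сборка не приведена; видно, что задача планировщика с тем же именем, что и параметр автозапуска в реестре, создаётся с интервалом 2 минуты и вызывает PowerShell со скрытым окном и -ExecutionPolicy Bypass)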
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tmp1.tmp.bat" "
- '<SYSTEM32>\attrib.exe' +s +a +h %APPDATA%\suport
- '<SYSTEM32>\attrib.exe' +s +a +h %APPDATA%\suport\*