Техническая информация
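- <SYSTEM32>\tasks\svchost (файл задания Планировщика заданий Windows; имя «svchost» совпадает с именем штатного системного процесса и, по-видимому, выбрано для маскировки)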
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy ByPass -WindowStyle Hidden -Encoded JABiADQAMAAgAD0AIAAiAEgANABzAEkAQQBBAEEAQQBBAEEAQQBFAEEATwAxAFoAZgBYAEEAYgAxADMASABmAE8AeAB3AE8AQgA0AGkARQBTAEUAaQBpAEsASQBxAFMASQBaAEMAUwBJ...' (со скрытым окном)
- '<SYSTEM32>\taskeng.exe' {00BB49E9-9B78-4C65-95DB-DFAEA3D76023} S-1-5-21-1960123792-2022915161-3775307078-1001:kffihf\user:Interactive:[1]
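- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy ByPass -WindowStyle Hidden -Encoded JABiADQAMAAgAD0AIAAiAEgANABzAEkAQQBBAEEAQQBBAEEAQQBFAEEATwAxAFoAZgBYAEEAYgAxADMASABmAE8AeAB3AE8AQgA0AGkARQBTAEUAaQBpAEsASQBxAFMASQBaAEMAUwBJ...

Примечание: значение параметра -Encoded (сокращение от -EncodedCommand) — это текст сценария в кодировке UTF-16LE, закодированный в Base64. Видимое начало строки декодируется как `$b40 = "H4sI…`; префикс H4sI характерен для данных gzip, закодированных в Base64, поэтому сценарий, по-видимому, содержит сжатую полезную нагрузку. Строка на странице обрезана, и полное содержимое по ней восстановить нельзя. Строка с taskeng.exe и SID пользователя указывает, что команда, вероятно, запускается заданием планировщика в контексте интерактивного пользователя. Для обнаружения полезны журналирование блоков сценариев PowerShell (событие 4104) и контроль командных строк, в которых сочетаются -ExecutionPolicy Bypass, -WindowStyle Hidden и -Encoded.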