Техническая информация
- %WINDIR%\tasks\bbyjfdhtapiikyjfno.job
- <SYSTEM32>\tasks\bbyjfdhtapiikyjfno
- %TEMP%\7zs441f.tmp\simplinst.exe
- %TEMP%\7zs49fb.tmp\simplinst.exe
- %TEMP%\nskpvswsqcqkbtqwp\mlujsitbudenwao\oixjezd.exe
- '%TEMP%\7zs441f.tmp\simplinst.exe'
- '%TEMP%\7zs49fb.tmp\simplinst.exe' /S
- '%TEMP%\nskpvswsqcqkbtqwp\mlujsitbudenwao\oixjezd.exe' Ks /S
- '%TEMP%\nskpvswsqcqkbtqwp\mlujsitbudenwao\oixjezd.exe' Ks /S (со скрытым окном)
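- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA== (со скрытым окном; аргумент -EncodedCommand — это Base64 от строки в кодировке UTF-16LE, здесь он декодируется в: start-process -WindowStyle Hidden gpupdate.exe /force)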
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "bbyjFDHtapiIKyJfNo" /SC once /ST 13:58:00 /RU "SYSTEM" /TR "\"%TEMP%\NsKPVswsqcqKbTQwP\MlujsiTBudENWAo\oiXJeZd.exe\" Ks /S" /V1 /F
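- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "gaNDScSzo" /SC once /ST 01:57:36 /F /RU "user" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZ... (значение обрезано в отчёте; видимое начало совпадает с закодированной командой PowerShell, приведённой в этом же списке)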
- '%WINDIR%\syswow64\schtasks.exe' /run /I /tn "gaNDScSzo"
- '<SYSTEM32>\taskeng.exe' {ED697CBA-AC04-4AAC-8889-A4D7151F0488} S-1-5-21-1960123792-2022915161-3775307078-1001:gmuated\user:Interactive:[1]
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==