Техническая информация
- %WINDIR%\tasks\byqatzzjtbtcpvsnfo.job
- <SYSTEM32>\tasks\byqatzzjtbtcpvsnfo
- %TEMP%\7zsd02.tmp\simplinst.exe
- %TEMP%\7zs1bb7.tmp\simplinst.exe
- %TEMP%\jztzbukrguxtrbnlz\nymffdoxgvzoxny\jdvsbki.exe
- '%TEMP%\7zsd02.tmp\simplinst.exe'
- '%TEMP%\7zs1bb7.tmp\simplinst.exe' /S
- '%TEMP%\jztzbukrguxtrbnlz\nymffdoxgvzoxny\jdvsbki.exe' 4V /S
- '%TEMP%\jztzbukrguxtrbnlz\nymffdoxgvzoxny\jdvsbki.exe' 4V /S (со скрытым окном)
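- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA== (со скрытым окном). Значение -EncodedCommand — это Base64-строка в кодировке UTF-16LE; после декодирования получается команда start-process -WindowStyle Hidden gpupdate.exe /force, то есть скрытый запуск принудительного обновления групповых политик.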
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "bYqATzzJTBtcpvSNFO" /SC once /ST 12:31:00 /RU "SYSTEM" /TR "\"%TEMP%\jzTzbukrGUxtrBnLz\nYMFfDoXgVzoXNY\jdvsbKi.exe\" 4V /S" /V1 /F
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "ggkiDxonp" /SC once /ST 09:56:59 /F /RU "user" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZ...
- '%WINDIR%\syswow64\schtasks.exe' /run /I /tn "ggkiDxonp"
- '<SYSTEM32>\taskeng.exe' {BA9E52BF-80DE-43B8-895F-E42358E77498} S-1-5-21-1960123792-2022915161-3775307078-1001:yrqzsgo\user:Interactive:[1]
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==