Техническая информация
- http://www.te###pdate.info/updates/yd/yt_e_b_20/win/version.txt
- http://www.te###pdate.info/updates/yd/yt_e_b_20/win/update_e.jpg
- DNS ASK te###pdate.info
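- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==' (со скрытым окном) — значение -EncodedCommand представляет собой строку в кодировке UTF-16LE, закодированную в Base64; после декодирования: start-process -WindowStyle Hidden gpupdate.exe /force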
- '<SYSTEM32>\gpupdate.exe' /force' (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /CREATE /TN "gYfMasZjd" /SC once /ST 15:16:44 /F /RU "user" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZ...
- '%WINDIR%\syswow64\schtasks.exe' /run /I /tn "gYfMasZjd"
- '<SYSTEM32>\taskeng.exe' {E312F8EC-9A7C-42DC-99A0-FCA93253ACCE} S-1-5-21-1960123792-2022915161-3775307078-1001:dfrghynct\user:Interactive:[1]
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
- '<SYSTEM32>\gpupdate.exe' /force
- '<SYSTEM32>\gpscript.exe' /RefreshSystemParam