Техническая информация
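- %APPDATA%\system33\dllhost.exe (каталог «system33» имитирует системный «system32», а имя файла совпадает с именем штатного процесса Windows dllhost.exe; при проверке ориентироваться следует на полный путь, а не на имя процесса)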
- %TEMP%\dobzoc5zrsf.fv
- %TEMP%\swhznubucvl\pass.log
- %TEMP%\swhznubucvl\files\cveuropeo.doc
- %TEMP%\swhznubucvl\files\february_catalogue__2015.doc
- %TEMP%\swhznubucvl\files\file_p_00000000_1371597592.docx
- %TEMP%\swhznubucvl\files\hanni_umami_chapter.doc
- %TEMP%\swhznubucvl\files\holycrosschurchinstructions.docx
- %TEMP%\swhznubucvl\files\uep_form_786_bulletin_1726i602.doc
- %TEMP%\swhznubucvl\desktop.jpg
- %TEMP%\swhznubucvl\applications\steam\config\config.vdf
- %TEMP%\tdkojjupps4.fv
- %TEMP%\swhznubucvl\cookies\opera_cookies.txt
- %TEMP%\qmpze55j1gh.fv
- %TEMP%\gwb3024zg4o.fv
- %TEMP%\swhznubucvl\autofill\opera_autofill.txt
- %TEMP%\dobzoc5zrsf.fv
- http://so##no.xyz/page.php
- DNS ASK so##no.xyz
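- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "Windows Audio" /tr "%APPDATA%\System33\dllhost.exe" /f (со скрытым окном; создаёт задачу планировщика с именем «Windows Audio», которая запускает указанный файл каждую минуту)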
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 1 /tn "Windows Audio" /tr "%APPDATA%\System33\dllhost.exe" /f