Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Faxprinter' = 'rundll32.exe "%TEMP%\faxprint.dll",vvwnmewxx'
- %TEMP%\faxprint.dll
- %TEMP%\bss.vbs
- 'up####.86wts86a8j.com':80
- http://up####.86wts86a8j.com/CB6FD2BF816/0000093C00000670/2020/5/28/12/29/49/0010263700000029
- DNS ASK up####.86wts86a8j.com
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\bss.vbs"
- '%WINDIR%\syswow64\rundll32.exe' %TEMP%\faxprint.dll,vvwnmewxx' (with a hidden window)
- '%WINDIR%\syswow64\rundll32.exe' %TEMP%\faxprint.dll,vvwnmewxx