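Техническая информация
Ниже перечислены наблюдавшиеся артефакты: пути к файлам, сетевые обращения и DNS-запросы, а также командные строки запущенных процессов. Символы «#» в именах доменов, по-видимому, являются маскировкой, поэтому такие записи не следует использовать как точные индикаторы без сверки с полным значением. Путь C://windows/Temp/0273-1.dll в командной строке regsvr32.exe, судя по имени файла, указывает на тот же файл, что и %WINDIR%\temp\0273-1.dll.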
- <SYSTEM32>\tasks\edyati_{d3f63728-23e4-29d9-1b54-30b727afffb4}
- %WINDIR%\temp\0273-1.dll
- %LOCALAPPDATA%\{483ac8a0-2e9e-7fe0-1454-0531e612fa9c}\{baaddcac-4711-d57e-8522-90f079789993}\gefiacbc.dll
- 'mo####fastnow.com':443
- 'mo####fastnow.com':80
- 'sk###helres.com':443
- http://mo####fastnow.com/
- 'mo####fastnow.com':443
- 'sk###helres.com':443
- DNS ASK mo####fastnow.com
- DNS ASK sk###helres.com
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %LOCALAPPDATA%\{483AC8A0-2E9E-7FE0-1454-0531E612FA9C}\{BAADDCAC-4711-D57E-8522-90F079789993}\gefiacbc.dll,#1' (со скрытым окном)
- '<SYSTEM32>\regsvr32.exe' C://windows/Temp/0273-1.dll
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %LOCALAPPDATA%\{483AC8A0-2E9E-7FE0-1454-0531E612FA9C}\{BAADDCAC-4711-D57E-8522-90F079789993}\gefiacbc.dll,#1
- '<SYSTEM32>\rundll32.exe' %LOCALAPPDATA%\{483AC8A0-2E9E-7FE0-1454-0531E612FA9C}\{BAADDCAC-4711-D57E-8522-90F079789993}\gefiacbc.dll,#1