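Техническая информация
Ниже перечислены пути к файлам, сетевые адреса и DNS-запросы, а также командные строки запускаемых процессов. Символы # в доменных именах — маска, скрывающая часть имени, поэтому такие записи не подходят для точного сопоставления.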
- <SYSTEM32>\tasks\{1501299b-4454-7970-1104-6a6f0072dbfd}
- %WINDIR%\temp\0431-1.dll
- %LOCALAPPDATA%\{6de90dc5-2ba0-63a8-1bd4-d274f4ce5c92}\ohvuafacou.dll
- 'mo####fastnow.com':443
- 'mo####fastnow.com':80
- 'sk###helres.com':443
- http://mo####fastnow.com/
- 'mo####fastnow.com':443
- 'sk###helres.com':443
- DNS ASK mo####fastnow.com
- DNS ASK sk###helres.com
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %LOCALAPPDATA%\{6DE90DC5-2BA0-63A8-1BD4-D274F4CE5C92}\ohvuafacou.dll,#1 (со скрытым окном)
- '<SYSTEM32>\regsvr32.exe' C://windows/Temp/0431-1.dll
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %LOCALAPPDATA%\{6DE90DC5-2BA0-63A8-1BD4-D274F4CE5C92}\ohvuafacou.dll,#1
- '<SYSTEM32>\rundll32.exe' %LOCALAPPDATA%\{6DE90DC5-2BA0-63A8-1BD4-D274F4CE5C92}\ohvuafacou.dll,#1