Technical information
- <SYSTEM32>\tasks\{446db352-ecde-0f3f-13e4-a40c43845260}
- %WINDIR%\temp\0032-1.dll
- %APPDATA%\user\eqokactn3.dll
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %APPDATA%\user\Eqokactn3.dll,#1' (with hidden window)
- '<SYSTEM32>\regsvr32.exe' C://windows/Temp/0032-1.dll
- '<SYSTEM32>\cmd.exe' /C rundll32.exe %APPDATA%\user\Eqokactn3.dll,#1
- '<SYSTEM32>\rundll32.exe' %APPDATA%\user\Eqokactn3.dll,#1