Техническая информация
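- Значение реестра Winlogon 'Shell' (помимо explorer.exe в нём указан запуск rundll32.exe с файлом wnhf.cvo): [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe rundll32.exe wnhf.cvo lsfpdfb'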
- %WINDIR%\syswow64\svchost.exe
- %TEMP%\5e8d.tmp
- %WINDIR%\syswow64\wnhf.cvo
- DNS ASK au####adersuk.net
- '%ProgramFiles%\microsoft office\office14\winword.exe' /Automation -Embedding
- '%WINDIR%\syswow64\svchost.exe'