Техническая информация
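- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'conhost' = '%HOMEPATH%\Local Settings\conhost\conhosts.exe' (имя файла похоже на системный conhost.exe, но путь ведёт в профиль пользователя, а не в <SYSTEM32>)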
- '<SYSTEM32>\taskkill.exe' /f /im cmd.exe
- '<SYSTEM32>\taskkill.exe' /f /im conhost.exe
- <SYSTEM32>\cmd.exe
- %HOMEPATH%\Local Settings\conhost\conhosts.exe
- %HOMEPATH%\Local Settings\conhost\Updatehos.zip
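- 'vl###2345123.ru':80 (символы «#» здесь и ниже, по-видимому, скрывают часть имени хоста в отчёте, поэтому строка не годится как точный индикатор для блокировки или поиска в журналах)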
- http:///AdminCP/admcp.php?vi##### via vl###2345123.ru
- http://vl###2345123.ru/AdminCP/cpu.zip
- DNS ASK vl###2345123.ru
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: ''