Техническая информация
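- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'windowss' = 'RUNDLL32 "%PROGRAM_FILES%\update.ini" into' (параметр автозапуска в ветке Run текущего пользователя; файл update.ini передаётся RUNDLL32 в качестве загружаемого модуля, поэтому, судя по всему, является исполняемой библиотекой, а не файлом настроек)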
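- %PROGRAM_FILES%\rundll32.exe "%PROGRAM_FILES%\update.ini" into (rundll32.exe запускается из %PROGRAM_FILES%, а не из <SYSTEM32>; запуск rundll32.exe из нестандартного каталога — признак, пригодный для обнаружения)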
- <SYSTEM32>\cmd.exe /c afc9fe2f418b00a0.bat
- <Текущая директория>\afc9fe2f418b00a0.bat
- %PROGRAM_FILES%\rundll32.exe
- %PROGRAM_FILES%\update.ini
- 'ho####.phmail.us':8081
- DNS ASK ho####.phmail.us
- ClassName: 'Indicator' WindowName: ''