Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'conhost' = '<LS_APPDATA>\conhost.exe'
- <LS_APPDATA>\conhost.exe
- <LS_APPDATA>\conhost.exe /ra Software\Microsoft\Windows\CurrentVersion\Run
- <LS_APPDATA>\conhost.exe
- 'www.to#####wsnewstoday.com':80
- www.to#####wsnewstoday.com/index.php?v=###########################
- www.to#####wsnewstoday.com/index.php?v=#############################
- DNS ASK www.to#####wsnewstoday.com
- ClassName: 'Indicator' WindowName: ''