Техническая информация
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'conhost' = '%APPDATA%\Microsoft\conhost.exe'
- [<HKCU>\Software\Microsoft\windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKCU>\Software\Microsoft\windows\CurrentVersion\Internet Settings] 'ProxyServer' = 'http=127.0.0.1:60586'
- %APPDATA%\microsoft\conhost.exe
- %APPDATA%\83e4.37f
- http://li####atagent.com/img/footer_intel.jpg?v2################################################
- DNS ASK li####atagent.com
- DNS ASK re####ineorder.com