Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'schost' = '"%LOCALAPPDATA%\schost.exe"'
- %LOCALAPPDATA%\schost.exe
- '19#.#19.74.208':80
- 'ch#####i33.publicvm.com':2703
- 'microsoft.com':80
- http://19#.#19.74.208/Zbvfrucvffv.dll
- 'ch#####i33.publicvm.com':2703
- DNS ASK ch#####i33.publicvm.com
- DNS ASK microsoft.com