Техническая информация
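Автозапуск при входе в систему (ключ Run реестра; имя значения похоже на название системной службы, но указывает на файл в каталоге данных приложений пользователя):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'DHCP Client Control' = '<LS_APPDATA>\VSL\winsvchost.exe'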
Исключение в брандмауэре Windows (запись в списке разрешённых приложений стандартного профиля):
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<LS_APPDATA>\VSL\winsvchost.exe' = '<LS_APPDATA>\VSL\winsvchost.exe:*:Enabled:DHCP Client Control'
- '<LS_APPDATA>\VSL\ntash.exe'
- '<LS_APPDATA>\VSL\winsvchost.exe'
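Запуск системной утилиты netsh (команда добавляет то же исключение брандмауэра для winsvchost.exe):
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<LS_APPDATA>\VSL\winsvchost.exe" "DHCP Client Control" ENABLE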
- <LS_APPDATA>\VSL\ntash.exe
- <LS_APPDATA>\VSL\winsvchost.exe
Сетевая активность (часть символов в именах доменов скрыта знаками ###):
- 'ma###florw.com':80
- 'tr###onell.com':80
- ma###florw.com/sin.php
- tr###onell.com/fa.php
- DNS ASK ma###florw.com
- DNS ASK tr###onell.com