Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'conhostsvr' = '%APPDATA%\Microsoft\CLR Security Config\v8.1.5070.512\64bit\conhostsvr.exe'
- '%APPDATA%\Microsoft\CLR Security Config\v8.1.5070.512\64bit\conhostsvr.exe'
- '<SYSTEM32>\taskkill.exe' /f /im conhostsvr.exe
- %TEMP%\849D6EBB.ttf
- %TEMP%\849D6EBB.nbp
- %APPDATA%\Microsoft\CLR Security Config\v8.1.5070.512\64bit\conhostsvr.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'al0'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''