Technical Information
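- %HOMEPATH%\Start Menu\Programs\Startup\conhost.exe (per-user Startup folder, so the copy is launched at logon; the genuine conhost.exe resides in <SYSTEM32>, so a file of that name at this path is a masquerade indicator)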
- '%TEMP%\conhost.exe'
- '<SYSTEM32>\cmd.exe' /c copy "%TEMP%\conhost.exe" "%HOMEPATH%\Start Menu\Programs\Startup\"
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\§°§и§Ц§Я§а§й§Я§н§Ы §Э§Ъ§г§д.jpg
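- %TEMP%\§°§и§Ц§Я§а§й§Я§н§Ы §Э§Ъ§г§д.jpg (name as recorded; the byte sequence looks like GB2312-encoded Cyrillic rendered as Windows-1251, which would decode to "Оценочный лист.jpg" — when searching for this file, match both forms)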
- %TEMP%\conhost.exe
- 'do####-s.edns.biz':443
- DNS ASK do####-s.edns.biz
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''