Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Registry Key Name' = '%HOMEPATH%\phoney2\phoney2.vbs -BN'
- phoney2.exe
- %HOMEPATH%\phoney2\phoney2.exe
- %HOMEPATH%\phoney2\phoney2.vbs
- 'mo#.#otdns.ch':5320
- 'ne###.myftp.org':2019
- DNS ASK mo#.#otdns.ch
- DNS ASK ne###.myftp.org
- '%HOMEPATH%\phoney2\phoney2.exe'
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\phoney2\phoney2.vbs"
- '%HOMEPATH%\phoney2\phoney2.exe' ' (со скрытым окном)
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\phoney2\phoney2.vbs"' (со скрытым окном)