Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'n0tspy' = '%WINDIR%\n0tspy.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsMessenger' = '%APPDATA%\WindowsMessenger.exe'
- %WINDIR%\n0tspy.exe
- %APPDATA%\WindowsMessenger.exe
- %WINDIR%\n0tspy.exe
- %APPDATA%\WindowsMessenger.exe
- 'n0####zo.no-ip.org':150
- DNS ASK n0####zo.no-ip.org
- ClassName: 'Indicator' WindowName: ''