Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\NetCLR_X64\Parameters] 'ServiceDll' = '%WINDIR%\Diremts.dll'
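- [<HKLM>\SYSTEM\ControlSet001\Services\NetCLR_X64] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netscvs' (имя группы записано как netscvs, а не как штатная группа netsvcs; такое расхождение в ImagePath службы — удобный признак для поиска)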
- [<HKLM>\SYSTEM\ControlSet001\Services\NetCLR_X64] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '<SYSTEM32>\ping.exe' -n 5 127.0.0.1
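- '<SYSTEM32>\cmd.exe' /c @ping -n 5 127.0.0.1&del <Полный путь к вирусу> > nul (ping здесь служит задержкой, после которой исходный файл удаляется; при разборе инцидента исполняемого файла на диске может уже не быть)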
- '<SYSTEM32>\svchost.exe' -k netscvs
- <SYSTEM32>\svchost.exe
- %TEMP%\127593_res.tmp
- из %TEMP%\127593_res.tmp в %WINDIR%\Diremts.dll (тот же путь, что указан выше как ServiceDll службы NetCLR_X64)
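- 'nb.##rcmd.com':1015 (символы ## — по-видимому, маскировка части имени домена в исходном отчёте; в таком виде запись нельзя использовать как точный индикатор)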
- DNS ASK nb.##rcmd.com