Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'StubPath' = '%PROGRAM_FILES%\NetServices\TmListen.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'StubPath' = '<Полный путь к вирусу>'
- %PROGRAM_FILES%\NetServices\TmListen.exe
- <SYSTEM32>\ping.exe -n 2 localhost
- %PROGRAM_FILES%\NetServices\TmListen.exe
- %PROGRAM_FILES%\NetServices\TmListen.exe
- 'so####nny2017.rr.nu':80
- so####nny2017.rr.nu/mail.asp?na#############################################################################################################
- DNS ASK so####nny2017.rr.nu
- ClassName: 'Indicator' WindowName: ''