Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'nwiz' = '<SYSTEM32>\RCTHSOUN.EXE'
- '<SYSTEM32>\reg.exe' add hklm\software\microsoft\windows\currentversion\run /v nwiz /t reg_sz /d "<SYSTEM32>\RCTHSOUN.EXE" /f
- <SYSTEM32>\RCTHSOUN.EXE
- 'ma#######-rembolso.no-ip.org':1234
- DNS ASK ma#######-rembolso.no-ip.org
- ClassName: 'Shell_TrayWnd' WindowName: ''