Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WNOZq' = 'C:\\Users\\user\\AppData\\Local\\WNOZqd\\WNOZqdkwu.hta'
- %WINDIR%\microsoft.net\framework\v2.0.50727\regsvcs.exe
- %LOCALAPPDATA%\wnozqd\wnozq.exe
- %LOCALAPPDATA%\wnozqd\wnozq.vbs
- %LOCALAPPDATA%\wnozqd\wnozqdkwu.hta
- '21#.#2.228.171':5200
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regsvcs.exe'