Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Fnzz' = '%LOCALAPPDATA%\Fnzz\Fnzz_nekro.hta'
- %WINDIR%\syswow64\rasphone.exe
- %LOCALAPPDATA%\fnzz\fnzztne.exe
- %LOCALAPPDATA%\fnzz\fnzzent.vbs
- %LOCALAPPDATA%\fnzz\fnzz_nekro.hta
- C:\users\public\clean.bat
- C:\users\public\bcd.dll
- C:\users\public\runex.bat
- %WINDIR%\system32\bcd.dll
- %LOCALAPPDATA%\fnzz\fnzztne.exe
- %LOCALAPPDATA%\fnzz\fnzzent.vbs
- %LOCALAPPDATA%\fnzz\fnzz_nekro.hta
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Runex.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Runex.bat" "
- '%WINDIR%\syswow64\rasphone.exe'