Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'CIVILISTERNE' = 'wscript "%TEMP%\Verry4.vbs"'
- %WINDIR%\win.ini
- verry4.exe
- %TEMP%\verry4.exe
- %TEMP%\verry4.vbs
- %APPDATA%\remcos\logs.dat
- 'sa######sok55.duckdns.org':2404
- DNS ASK sa######sok55.duckdns.org
- '%TEMP%\verry4.exe'