Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Techday' = '%HOMEPATH%\Techday\Techday.vbs -VC'
- techday.exe
- %TEMP%\survey form pdf download.pdf
- %HOMEPATH%\techday\techday.exe
- %HOMEPATH%\techday\techday.vbs
- %APPDATA%\remcos\logs.dat
- %APPDATA%\remcos\logs.dat
- '69.#5.7.132':538
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Techday\Techday.vbs"
- '%HOMEPATH%\techday\techday.exe'
- '<SYSTEM32>\wscript.exe' "%HOMEPATH%\Techday\Techday.vbs"' (со скрытым окном)
- '%HOMEPATH%\techday\techday.exe' ' (со скрытым окном)
- '%ProgramFiles%\adobe\reader 10.0\reader\acrord32.exe' "%TEMP%\Survey Form PDF Download.pdf"