Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'frm_Navnefringernes' = 'wscript "%HOMEPATH%\frm_Turnkeys\frm_STAVREDE.vbs"'
- %WINDIR%\win.ini
- frm_stavrede.exe
- %HOMEPATH%\frm_turnkeys\frm_stavrede.exe
- %HOMEPATH%\frm_turnkeys\frm_stavrede.vbs
- %APPDATA%\remcos\logs.dat
- DNS ASK pe####a.hopto.org
- '%HOMEPATH%\frm_turnkeys\frm_stavrede.exe'