Техническая информация
- %WINDIR%\tasks\fastsync.job
- [<HKLM>\System\CurrentControlSet\Services\Not supportive Regiment] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Not supportive Regiment] 'ImagePath' = '%APPDATA%\Not supportive Regiment\Not supportive Regiment.exe'
- %APPDATA%\not supportive regiment\not supportive regiment.exe
- %ALLUSERSPROFILE%\application data\{a1c29a90-e6d0-46c9-a1c2-29a90e6d6a43}\<Имя файла>.exe
- %APPDATA%\not supportive regiment\j8.dat
- %ALLUSERSPROFILE%\application data\{a1c29a90-e6d0-46c9-a1c2-29a90e6d6a43}\<Имя файла>.dat
- DNS ASK ge####ltiple.link
- DNS ASK al####el-pro.com
- DNS ASK ce####-ring.link
- DNS ASK ce####-ring.info
- '%APPDATA%\not supportive regiment\not supportive regiment.exe'