Техническая информация
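- Автозапуск через реестр (ключ Run текущего пользователя; указанный сценарий VBS запускается при каждом входе этого пользователя в систему): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GLWAET' = '<LS_APPDATA>\GLWAET\GLWAETNAK.vbs'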
- <SYSTEM32>\regsvr32.exe
- %TEMP%\glwaeterk.exe
- %TEMP%\glwaet.bmp
- %TEMP%\glwaet.txt
- %HOMEPATH%\contacts\glwaetpot.exe
- %HOMEPATH%\dax\glwaet.bmp
- <LS_APPDATA>\glwaet\glwaetsws.bat
- <LS_APPDATA>\glwaet\glwaetnak.vbs
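- %APPDATA%\remcos\logs.dat (судя по имени каталога, предположительно файл журнала Remcos; содержимое файла на странице не описано)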
- %TEMP%\glwaet.txt
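- DNS ASK ch#####ago6.dynu.net (DNS-запрос; часть имени узла в отчёте скрыта символами #, зона dynu.net, по-видимому, принадлежит сервису динамического DNS, поэтому IP-адрес узла может меняться — для обнаружения надёжнее опираться на имя, а не на адрес)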
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\glwaeterk.exe'
- '<SYSTEM32>\regsvr32.exe'