Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'ALLERUNDERDANIGSTERANGSFO' = 'wscript "%HOMEPATH%\BARLOCKCHURCHWARDENISMBULNI\noninferablefibrocementdagpen.vbs"'
- %WINDIR%\win.ini
- noninferablefibrocementdagpen.exe
- %HOMEPATH%\barlockchurchwardenismbulni\noninferablefibrocementdagpen.exe
- %HOMEPATH%\barlockchurchwardenismbulni\noninferablefibrocementdagpen.vbs
- %APPDATA%\remcos\logs.dat
- DNS ASK st#####.warzonedns.com
- '%HOMEPATH%\barlockchurchwardenismbulni\noninferablefibrocementdagpen.exe'