Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'frm_ssterselskabers' = 'wscript "%HOMEPATH%\frm_Lophophora\frm_Punchernes.vbs"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'Image' = '%APPDATA%\WinLogs.exe'
- %WINDIR%\win.ini
- %HOMEPATH%\frm_lophophora\frm_punchernes.exe
- %HOMEPATH%\frm_lophophora\frm_punchernes.vbs
- %APPDATA%\winlogs.exe
- DNS ASK BU###.DUCKDNS.ORG
- '%HOMEPATH%\frm_lophophora\frm_punchernes.exe'
- '%APPDATA%\winlogs.exe'