Техническая информация
- Автозапуск через ключ реестра RunOnce (значение запускает VBS-сценарий через wscript): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'TWEAKINGSCHINDYLETICTHOUGHTFU' = 'wscript "%HOMEPATH%\PARTICIPATORHELSEKOSTENAFS\gebrdernesspaebookrheologunpe.vbs"'
- %WINDIR%\win.ini
- gebrdernesspaebookrheologunpe.exe
- %HOMEPATH%\participatorhelsekostenafs\gebrdernesspaebookrheologunpe.exe
- %HOMEPATH%\participatorhelsekostenafs\gebrdernesspaebookrheologunpe.vbs
- %APPDATA%\remcos\logs.dat (судя по имени каталога, файл, вероятно, связан с Remcos; по одному пути это не подтверждается)
- Сетевой адрес и порт (часть адреса заменена символами «#»): '17#.#24.140.139':6666
- '%HOMEPATH%\participatorhelsekostenafs\gebrdernesspaebookrheologunpe.exe'