Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'BEDYRER' = '%HOMEPATH%\harmeligst\cranioplasty.vbs'
- cranioplasty.exe
- %HOMEPATH%\harmeligst\cranioplasty.exe
- %HOMEPATH%\harmeligst\cranioplasty.vbs
- http://21#.#38.205.164/Host_encrypted_F17BD4F.bin
- DNS ASK el#####king444.ddns.net
- '%HOMEPATH%\harmeligst\cranioplasty.exe'