Technical information
- %APPDATA%\microsoft\windows\start menu\programs\startup\esentutl.url
- %WINDIR%\syswow64\dllhost.exe
- %WINDIR%\syswow64\svchost.exe
- %HOMEPATH%\esentutl\esentutl.vbs
- %HOMEPATH%\esentutl\credwiz.exe
- %APPDATA%\remcos\logs.dat
- 'ug####.duckdns.org':2404
- DNS ASK ug####.duckdns.org
- '%WINDIR%\syswow64\dllhost.exe'
- '%WINDIR%\syswow64\svchost.exe'