Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Dhb' = '%LOCALAPPDATA%\Dhb\Dhbnb.vbs'
- %WINDIR%\syswow64\tapiunattend.exe
- %TEMP%\zqgcm.bmp
- %TEMP%\zqgcm.ocx
- %HOMEPATH%\music\dhbnes.exe
- %HOMEPATH%\music\dhb.bmp
- %LOCALAPPDATA%\dhb\dhbqa.bat
- %LOCALAPPDATA%\dhb\dhbnb.vbs
- %APPDATA%\remcos\logs.dat
- %TEMP%\zqgcm.ocx
- %TEMP%\zqgcm.bmp
- 'eg##.ddns.net':3908
- 'eg##.ddns.net':4101
- DNS ASK eg##.ddns.net
- '%WINDIR%\syswow64\tapiunattend.exe'