Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Startup key' = '%HOMEPATH%\subfolder1\filename1.vbs'
- filename1.exe
- %HOMEPATH%\subfolder1\filename1.exe
- %HOMEPATH%\subfolder1\filename1.vbs
- %APPDATA%\remcos\logs.dat
- 'ba####1.gam2ng.pw':3090
- http://gl###lwebpay.co/cs/ZEU$_encrypted_6CFBE60.bin
- DNS ASK gl###lwebpay.co
- DNS ASK ba####1.gam2ng.pw
- '%HOMEPATH%\subfolder1\filename1.exe'