Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{21E9C5D3-EBFF-11CD-B6FD-00AA00B4E22A}] 'StubPath' = '%PROGRAM_FILES%\DBS.EXE'
- %PROGRAM_FILES%\DBS.EXE
- <SYSTEM32>\Kban2.exe
- <SYSTEM32>\Kban1.exe
- <SYSTEM32>\rundll32.exe url.dll,FileProtocolHandler "<SYSTEM32>\Kban2.exe"
- <SYSTEM32>\rundll32.exe url.dll,FileProtocolHandler "<SYSTEM32>\Kban1.exe"
- %PROGRAM_FILES%\DBS.EXE
- <SYSTEM32>\Kban2.exe
- <SYSTEM32>\Kban1.exe
- '11#.#11.111.2':888
- 'cd###3.3322.org':888
- DNS ASK .###aldomain
- DNS ASK cd###3.3322.org