Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Kpfcqu gacisa] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- %PROGRAM_FILES%\Ruuuqx oaauk\Rwoychp.exe
- <SYSTEM32>\wscript.exe "C:\8500.vbs"
- C:\8500.vbs
- %PROGRAM_FILES%\Ruuuqx oaauk\Rwoychp.exe
- C:\8500.vbs
- '11####54.f3322.org':5999
- DNS ASK 11####54.f3322.org