Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Wscaya emmkwgao] 'Start' = '00000002'
- '%WINDIR%\Cugmgyy.exe'
- '<SYSTEM32>\wscript.exe' "C:\2080.vbs"
- C:\2080.vbs
- %WINDIR%\Cugmgyy.exe
- C:\2080.vbs
- 'ch####b.f3322.org':8676
- DNS ASK ch####b.f3322.org