Техническая информация
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Wskdlo qxfgrjgd' = '%ProgramFiles(x86)%\Microsoft Xwfyrj\Clunwzb.exe'
- %ProgramFiles(x86)%\microsoft xwfyrj\clunwzb.exe
- 'ba##u.com':9090
- DNS ASK ba##u.com
- DNS ASK r.###gyou.com
- '%ProgramFiles(x86)%\microsoft xwfyrj\clunwzb.exe'