Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Wnnocg qawkqa] 'Start' = '00000002'
- '%WINDIR%\Lqukgcm.exe'
- 'C:\Iddcjq.exe'
- '<SYSTEM32>\wscript.exe' "C:\19961227.vbs"
- C:\19961227.vbs
- %WINDIR%\Lqukgcm.exe
- C:\Iddcjq.exe
- C:\19961227.vbs
- C:\Iddcjq.exe
- 'le###.publicvm.com':2014
- 'xi####.publicvm.com':2014
- DNS ASK le###.publicvm.com
- DNS ASK xi####.publicvm.com