Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'uqzrfCWSngiryThcKsvsGiCG' = '%APPDATA%\uqzrfCWSngiryThcKsvsGiCG.exe'
- '%APPDATA%\uqzrfCWSngiryThcKsvsGiCG.exe'
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 1
- %APPDATA%\uqzrfCWSngiryThcKsvsGiCG.exe
- 'kw###esh.biz':80
- kw###esh.biz/yester/gate.php/gate.php
- DNS ASK kw###esh.biz