Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Defghi Klmnopqr Tuv] 'ImagePath' = '<SYSTEM32>\kkwgks.exe'
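- [<HKLM>\SYSTEM\ControlSet001\Services\Defghi Klmnopqr Tuv] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы; вместе с 'ImagePath' выше это закрепление в системе через службу Windows)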
- '<SYSTEM32>\wscript.exe' "C:\6376.vbs"
- '<SYSTEM32>\kkwgks.exe'
- C:\6376.vbs
- <SYSTEM32>\kkwgks.exe
- C:\6376.vbs
- 'wa####huo.f3322.net':4351
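- DNS ASK wa####huo.f3322.net (DNS-запрос; символы #### — по-видимому, маскировка части имени в исходном отчёте, поэтому как готовый индикатор для точного сопоставления это имя использовать нельзя)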