Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe rundll32.exe utam.sxo cjthsax'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- <SYSTEM32>\utam.sxo
- 'we###money.com':80
- we###money.com/addfunds/bb.php?id##################################
- DNS ASK we###money.com