Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'Explorer.exe rundll32.exe uyca.lwo adytxy'
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\uyca.lwo
- %TEMP%\1.tmp
- 'ka####kotazza.com':80
- ka####kotazza.com/indux/001.php?ma####################################################################
- DNS ASK ka####kotazza.com