Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WmdMonitor] 'Start' = '00000002'
- <SYSTEM32>\svchost.exe -k WmdMonitor
- %TEMP%\~My10.tmp
- <SYSTEM32>\tvtgmonitor.dll
- <SYSTEM32>\svcfg32.dat
- %TEMP%\~My10.tmp.cab
- 'do###.ueuo.com':80
- 'localhost':1035
- do###.ueuo.com/images/php/images/index.php
- DNS ASK do###.ueuo.com