Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%TEMP%\..\..\Roaming\Microsoft\Windows\svchost.exe'
- %TEMP%\ltzngje
- %TEMP%\aut1.tmp
- %TEMP%\ltzngje
- %TEMP%\aut1.tmp
- 'ba####oo.vacau.com':80
- DNS ASK ba####oo.vacau.com
- ClassName: 'Indicator' WindowName: ''