Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'vufmjwjwjylqhcpap' = '<SYSTEM32>\srv803.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\zwetzkaoxlSv] 'Start' = '00000002'
- '<SYSTEM32>\svchost.exe' -k DcomSec
- %TEMP%\lse2.tmp
- <SYSTEM32>\svczwetzka.dll
- C:\logbot.txt
- %TEMP%\lis1.tmp
- <SYSTEM32>\srv803.exe