Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%WINDIR%\svchost.exe'
- %WINDIR%\svchost.exe
- 'sa####.webutu.com':80
- http://sa####.webutu.com/botnet/cmd.txt
- http://sa####.webutu.com/botnet/
- DNS ASK sa####.webutu.com