Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,xbcab.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\xbcab.exe
- '20####.uara2001.com':80
- 20####.uara2001.com/208304/208304.bmp
- 20####.uara2001.com/208304/208304.jpg
- 20####.uara2001.com/208304/208304.gif
- DNS ASK www.microsoft.com
- DNS ASK 20####.uara2001.com
- DNS ASK www.xy##.com