Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Userinit' = '<SYSTEM32>\userinit.exe,oscab.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\oscab.exe
- 'h1#####.uara2001.com':80
- h1#####.uara2001.com/h101628/h101628.bmp
- h1#####.uara2001.com/h101628/h101628.jpg
- h1#####.uara2001.com/h101628/h101628.gif
- DNS ASK www.microsoft.com
- DNS ASK h1#####.uara2001.com
- DNS ASK www.ne###-club.com