Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MSLOGON' = '%WINDIR%\Downloaded Program Files\00019C6A.exe'
- %WINDIR%\Tasks\SA.DAT
- %WINDIR%\Downloaded Program Files\00019C6A.exe
- %WINDIR%\Downloaded Program Files\00019C6A.DAT
- %WINDIR%\Downloaded Program Files\00019C6A.exe
- <SYSTEM32>\dllcache\NT5INF.CAT
- 'www.wa####eqiaodan.com':80
- www.wa####eqiaodan.com/girl/cmd.rar
- DNS ASK www.wa####eqiaodan.com
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''