Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'kawdcaz' = '<SYSTEM32>\kawdcaz.exe'
- <SYSTEM32>\kawdcaz.exe
- <SYSTEM32>\cmd.exe /c "%TEMP%\tmp1.bat"
- %WINDIR%\Explorer.EXE
- Handler library for all processes: <SYSTEM32>\kawdcaz.dat
- ClassName: 'AVP.TrafficMonConnectionTerm' WindowName: ''
- ClassName: 'AVP.Product_Notification' WindowName: ''
- ClassName: 'AVP.AlertDialog' WindowName: ''
- <SYSTEM32>\kawdcaz.dat
- %TEMP%\tmp1.bat
- <SYSTEM32>\kawdcaz.exe
- <SYSTEM32>\kawdcaz.dat
- <SYSTEM32>\kawdcaz.exe
- %TEMP%\tmp1.bat
- ClassName: '#32770' WindowName: '???????????????????? - IE??????'
- ClassName: '#32770' WindowName: 'IE ????????'
- ClassName: '#32770' WindowName: '??????????????????'