Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '·зЛЩ' = '%PROGRAM_FILES%\Fsdyvod\Tvod.exe'
- '<SYSTEM32>\FsDianYing_myad_13214.exe'
- '<SYSTEM32>\FsDianYing_myad_13214.exe' (загружен из сети Интернет)
- <SYSTEM32>\FsDianYing_myad_13214.exe
- 'zl.##lead.cn':80
- zl.##lead.cn/cpaDirectUrl.aspx?d=###########################################
- DNS ASK zl.##lead.cn
- ClassName: 'Button' WindowName: '?? ??(&N)'
- ClassName: '#32770' WindowName: '???????????? 4.3.1.18 ????'