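Техническая информация
Заголовки разделов в этом фрагменте, по-видимому, не сохранились, поэтому записи ниже идут сплошным списком. По содержимому это: ключ автозапуска в реестре, путь к системному исполняемому файлу, файлы в %APPDATA% и во временных файлах Internet Explorer, сетевые адреса и запросы, класс окна. Повторяющиеся пути, вероятно, относились к разным разделам исходного описания. Символы «#» в IP-адресе, судя по всему, маскируют часть адреса, так что для поиска в журналах или для блокировки это значение в таком виде непригодно.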
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'UpdSysDrvX32g' = '"%APPDATA%\UpdSysDrv32Xg\cycapomi.exe"'
- '<SYSTEM32>\svchost.exe'
- %APPDATA%\UpdSysDrv32Xg\UpdSysDrvg.jpg
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\MZђ[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\MZђ[1]
- %APPDATA%\UpdSysDrv32Xg\cycapomi.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\test[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\MZђ[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\test[1].php
- 'localhost':1038
- '21#.#74.100.234':80
- 21#.#74.100.234/eu99901/upload/MZ?
- 21#.#74.100.234/eu99901/test.php
- ClassName: 'Indicator' WindowName: '(null)'