Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'UpdSysDrvX32z' = '"%APPDATA%\UpdSysDrv32Xz\disoniba.exe"'
- '<SYSTEM32>\svchost.exe'
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cou[1].php
- %APPDATA%\UpdSysDrv32Xz\disoniba.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\cou[1].php
- 'localhost':1036
- 'pa##nax.com':80
- pa##nax.com/pow/files2/MZ?
- pa##nax.com/pow/cou.php
- DNS ASK pa##nax.com
- ClassName: 'Indicator' WindowName: '(null)'