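Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились, поэтому роль каждой записи (запись автозапуска в реестре, процесс, файлы, сетевые адреса, классы окон) определяется только по её виду; повтор пути cou[1].php, вероятно, относится к разным разделам исходного отчёта. Символ «#» в адресе 21#.23.1.43, по-видимому, — маска источника: полный IP-адрес на странице не приведён, и использовать его как индикатор в таком виде нельзя.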
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'UpdSysDrvX32z32' = '"%APPDATA%\Roaming\UpdSysDrv32Xz32\fiqyqawi.exe"'
- '<SYSTEM32>\svchost.exe'
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\cou[1].php
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\upd[1].php
- %APPDATA%\Roaming\UpdSysDrv32Xz32\fiqyqawi.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\cou[1].php
- '21#.23.1.43':80
- 21#.23.1.43/cou.php
- 21#.23.1.43/upd.php
- ClassName: 'Note' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'MainForm' WindowName: ''
- ClassName: 'Unicode' WindowName: ''