Техническая информация
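- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'UpdSysDrvX32z32' = '"%APPDATA%\UpdSysDrv32Xz32\liveduko.exe"' (параметр в ветке Run обеспечивает запуск файла при каждом входе пользователя в систему; имя параметра 'UpdSysDrvX32z32' и имя каталога 'UpdSysDrv32Xz32' различаются порядком символов — при поиске следов проверяйте оба написания)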
- '<SYSTEM32>\svchost.exe'
- %HOMEPATH%\My Documents\HELP_DECRYPT.jpg
- %HOMEPATH%\Desktop\HELP_DECRYPT.jpg
- %HOMEPATH%\My Documents\My Music\HELP_DECRYPT.txt
- %HOMEPATH%\My Documents\My Music\HELP_DECRYPT.jpg
- C:\HELP_DECRYPT.jpg
- %HOMEPATH%\My Documents\My Pictures\HELP_DECRYPT.jpg
- C:\HELP_DECRYPT.txt
- %TEMP%\~DFE5FE.tmp
- %APPDATA%\UpdSysDrv32Xz32\UpdSysDrz32.jpg
- %APPDATA%\UpdSysDrv32Xz32\liveduko.exe
- %HOMEPATH%\My Documents\My Pictures\HELP_DECRYPT.txt
- %HOMEPATH%\My Documents\HELP_DECRYPT.txt
- %HOMEPATH%\Desktop\HELP_DECRYPT.txt
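- 'tr###cension.ru':80 (символы «#» здесь и в адресах ниже, по-видимому, скрывают часть имени домена и параметров запроса; в таком виде индикатор не годится для точного сопоставления с журналами DNS и прокси)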
- http://tr###cension.ru/11/upd.php?cc#############################################################################################################################################################...
- http://tr###cension.ru/11/3.txt
- http://tr###cension.ru/11/upd.php
- http://tr###cension.ru/11/img2.jpg
- DNS ASK tr###cension.ru
- ClassName: 'Indicator' WindowName: ''