Техническая информация
- Автозапуск при входе пользователя в систему (ключ Run в ветке текущего пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'upco' = '%APPDATA%\upco.exe'
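- Запуск командного интерпретатора, который рекурсивно и без запроса подтверждения (rd /s /q) удаляет каталог локальных объектов Flash Player: '<SYSTEM32>\cmd.exe' /c rd /s /q "%appdata%\Macromedia\Flash Player\#SharedObjects"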
- %APPDATA%\y8FSyN0.mem
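Сетевая активность (символы «#» в именах узлов, по-видимому, скрывают часть имени, поэтому эти строки не годятся как точные индикаторы для сопоставления):
- Обращение к узлу и порту: 'ka###skpy.info':80
- HTTP-запрос: http://7w#.com/a/b/dver.php via ka###skpy.info
- DNS-запрос: DNS ASK ka###skpy.info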
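Окна, перечисленные в отчёте по имени класса или заголовку (что именно делается с этими окнами, на странице не указано; большинство заголовков относится к редакторам реестра и штатным средствам настройки и восстановления системы):
- ClassName: '' WindowName: 'RegCool'
- ClassName: '' WindowName: 'System Configuration'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'RegAlyzer'
- ClassName: '' WindowName: 'System Restore'
- ClassName: '' WindowName: 'Registry Editor'
- ClassName: '' WindowName: 'Registry'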