Техническая информация
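Автозапуск — значение в ключе реестра Run (одна запись ниже; указанный файл запускается при входе пользователя в систему; имя srvhost.exe похоже на системный svchost.exe, но не совпадает с ним):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'sunUpdate' = '"<SYSTEM32>\srvhost.exe"'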
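Запускаемые процессы и командные строки (пять записей ниже, вероятно запуск на исполнение; первая команда записывает значение sunUpdate в ключ Run):
- '<SYSTEM32>\reg.exe' add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v sunUpdate /t reg_sz /d \"<SYSTEM32>\srvhost.exe\"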
- '<SYSTEM32>\srvhost.exe'
- '<SYSTEM32>\cmd.exe' /c %TEMP%\xxm3.tmp.bat
- '<SYSTEM32>\cmd.exe' /c %TEMP%\xxm1.tmp.bat
- '%TEMP%\tmp2.tmp'
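Затрагиваемые файлы (одиннадцать записей ниже: временные файлы и пакетные сценарии в %TEMP%, файл в <SYSTEM32>, кеш Internet Explorer; повторы, вероятно, относятся к разным операциям — подписи операций в этом фрагменте не сохранились):
- %TEMP%\kvndm.tmp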
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\s[1].txt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\s3[1].txt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\s2[1].txt
- %TEMP%\tmp2.tmp
- %TEMP%\xxm1.tmp.bat
- <SYSTEM32>\srvhost.exe
- %TEMP%\xxm3.tmp.bat
- %TEMP%\kvndm.tmp
- %TEMP%\tmp2.tmp
- %TEMP%\kvndm.tmp
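Сетевая активность (пять записей ниже: соединения и HTTP-запросы; символ # в адресе оставлен как в источнике; имена s.txt, s2.txt и s3.txt совпадают с файлами s[1].txt, s2[1].txt и s3[1].txt в кеше Internet Explorer):
- '10.#0.10.23':80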
- 'localhost':1037
- http://10.#0.10.23/s3.txt
- http://10.#0.10.23/s2.txt
- http://10.#0.10.23/s.txt