Техническая информация
- Автозапуск (ключ реестра Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ttool' = '%WINDIR%\srsdllpro.exe'
- %WINDIR%\srsdllpro.exe
- <SYSTEM32>\cmd.exe /c ""<Текущая директория>\abcdefg.bat" "<Полный путь к вирусу>""
- <SYSTEM32>\cscript.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\options[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\cmd[1]
- %WINDIR%\srsdllpro.exe
- <Текущая директория>\abcdefg.bat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\options[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\0D6B6PI5\cmd[1]
- '91.##3.94.131':80 (часть адреса в источнике скрыта символами #)
- 'localhost':1036
- 91.##3.94.131/cgi-bin/cmd.cgi?us################################################################################################
- 91.##3.94.131/cgi-bin/options.cgi?us################################################################################################
- 91.##3.94.131/cgi-bin/cert.cgi
- 91.##3.94.131/cgi-bin/pstore.cgi
- ClassName: 'Indicator' WindowName: ''