Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\strsvc] 'ImagePath' = '%ProgramFiles%\Internet Explorer\SIGNUP\data\strsvc.exe'
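- [<HKLM>\SYSTEM\ControlSet001\Services\strsvc] 'Start' = '00000002' (тип запуска службы: автоматический, SERVICE_AUTO_START — соответствует параметру start= auto в команде sc create ниже)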
- %ProgramFiles%\Microsoft Office\Office15\1049\c.dll
- %ProgramFiles%\Microsoft Office\Office15\1049\cp.dll
- %ProgramFiles%\Internet Explorer\SIGNUP\data\strsvc.exe
- %ProgramFiles%\Microsoft Office\Office15\1049\mstupd.exe
- 'cc####.#00webhostapp.com':80
- 'wp#d':80
- http://cc####.#00webhostapp.com/s.php
- http://cc####.#00webhostapp.com/l.php?a=##############################################
- http://cc####.#00webhostapp.com/l.php?a=#######################################
- http://cc####.#00webhostapp.com/l.php?a=#############################
- http://11#.#11.111.1/wpad.dat via wp#d
- http://cc####.#00webhostapp.com/l.php?a=############################
- http://cc####.#00webhostapp.com/l.php?a=###########################
- DNS ASK cc####.#00webhostapp.com
- DNS ASK wp#d
- '%ProgramFiles%\Internet Explorer\SIGNUP\data\strsvc.exe'
- '<SYSTEM32>\sc.exe' create strsvc binPath= "%ProgramFiles%\Internet Explorer\SIGNUP\data\strsvc.exe" DisplayName= "Windows STR Service" start= auto
- '<SYSTEM32>\sc.exe' start strsvc
- '<SYSTEM32>\cmd.exe' /C ping localhost -n 4 > nul & sc create strsvc binPath= "%ProgramFiles%\Internet Explorer\SIGNUP\data\strsvc.exe" DisplayName= "Windows STR Service" start= auto & ping localhost -n 4 > nul & s...
- '<SYSTEM32>\ping.exe' localhost -n 4