Техническая информация
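- Автозапуск при входе пользователя: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'System' = '%WINDIR%\csrss.exe' (имя файла совпадает с именем системного процесса csrss.exe, который штатно расположен в %WINDIR%\System32, а не в %WINDIR%)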
- Добавление в список разрешённых приложений брандмауэра Windows (стандартный профиль): [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\csrss.exe' = '%WINDIR%\csrss.exe:*:Enabled:csrss'
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\socksret[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\YPORKZYZ\socksret[1].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\socksret[2].php
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\socksret[1].php
- %WINDIR%\csrss.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\socksret[1].php
- C:\2.txt
- C:\2.txt
- C:\2.txt
- 'su###b00m.info':80
- 'localhost':1039
- http://su###b00m.info/socksret.php?ip#############################
- http://su###b00m.info/socksret.php?ip############################
- DNS ASK su###b00m.info
- '%WINDIR%\csrss.exe'