Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cssrs' = '%APPDATA%\Macromidia\cssrs.exe'
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations /v LowRiskFileTypes /t REG_SZ /d .exe /f
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe'
- %APPDATA%\Macromidia\cssrs.exe
- 'localhost':80
- 12#.0.0.1/a.php
- 12#.0.0.1/img/a.asp
- 12#.0.0.1/images/a.asp
- ClassName: 'Indicator' WindowName: ''