Техническая информация
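- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'cssrs' = '%APPDATA%\Macromidia\cssrs.exe' (запись в ключе Run обеспечивает автозапуск файла при каждом входе этого пользователя в систему; имя каталога «Macromidia» приведено так, как оно записано в образце, — при поиске индикатора его не следует исправлять на «Macromedia»)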
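- [<HKLM>\SYSTEM\ControlSet001\Services\cdc32x] 'Start' = '00000000' (значение Start = 0 соответствует типу запуска «boot»: драйвер загружается на самом раннем этапе загрузки системы; судя по совпадению имён, это служба драйвера <DRIVERS>\cdc32x.sys, указанного ниже)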
- %APPDATA%\Macromidia\cssrs.exe
- <SYSTEM32>\reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations /v LowRiskFileTypes /t REG_SZ /d .exe /f
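- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Associations] 'LowRiskFileTypes' = '.exe' (параметр относит файлы .exe к типам низкого риска для диспетчера вложений Windows, поэтому при запуске загруженных из Интернета .exe-файлов предупреждение системы безопасности не выводится; запись этого значения, в том числе через reg.exe, как в строке выше, — удобный признак для обнаружения)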
- <DRIVERS>\cdc32x.sys
- %APPDATA%\Macromidia\cssrs.exe
- '67.##.25.102':80
- '75.##9.80.131':80
- 'www.sa###cumba.org':80
- 67.##.25.102/images/media/c.asp
- 75.##9.80.131/JavaScript/c.asp
- www.sa###cumba.org/
- DNS ASK www.sa###cumba.org
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''