Техническая информация
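- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'csrss' = '"%HOMEPATH%\My Documents\My Videos\csrss\chp.exe" csrss.exe -poolip=176.34.128.129 -poolport=1337 -pooluser=AZqgLXarpu4iKYXUwCSx1TitDtRM8Pv2SJ -poolpassword=PASSWORD -genproclimit=2' (запись автозапуска: имя параметра и имя файла совпадают с именем системного процесса csrss.exe, но путь ведёт в профиль пользователя, а не в %SystemRoot%\System32)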
- '%HOMEPATH%\My Documents\My Videos\csrss\csrss.exe' -poolip=176.34.128.129 -poolport=1337 -pooluser=AZqgLXarpu4iKYXUwCSx1TitDtRM8Pv2SJ -poolpassword=PASSWORD -genproclimit=2
- '%HOMEPATH%\My Documents\My Videos\csrss\chp.exe' csrss.exe -poolip=176.34.128.129 -poolport=1337 -pooluser=AZqgLXarpu4iKYXUwCSx1TitDtRM8Pv2SJ -poolpassword=PASSWORD -genproclimit=2
- %HOMEPATH%\My Documents\My Videos\csrss\csrss.exe
- %HOMEPATH%\My Documents\My Videos\csrss\chp.exe
- %TEMP%\nsf2.tmp\Math.dll
- %HOMEPATH%\My Documents\My Videos\Desktop.ini
- %TEMP%\nsf2.tmp\CPUFeatures.dll
- %HOMEPATH%\My Documents\My Videos\Desktop.ini
- %TEMP%\nsf2.tmp\Math.dll
- %TEMP%\nsf2.tmp\CPUFeatures.dll
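- '17#.#4.128.129':1337 (адрес частично замаскирован в источнике; видимые цифры и порт согласуются с параметрами -poolip=176.34.128.129 и -poolport=1337 из командной строки выше)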