Техническая информация
Автозапуск — значение в ключе реестра Run, запускающее файл при входе пользователя в систему:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'indsrs16' = '"<SYSTEM32>\$.indsrs16\indsrs16"'
Отключение брандмауэра Windows — параметр EnableFirewall обнулён для доменного и стандартного профилей (при проверке системы учитывайте, что CurrentControlSet — ссылка на один из нумерованных наборов ControlSet00x):
- [<HKLM>\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 'EnableFirewall' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'
Пути исполняемых файлов (заголовок раздела в этом фрагменте не сохранился):
- <SYSTEM32>\$.indsrs16\indsrs16.com
- C:\RECYCLER\temp.exe
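Командные строки: остановка службы брандмауэра Windows (mpssvc) и регистрация библиотек через regsvr32 в тихом режиме (/s):
- <SYSTEM32>\net.exe stop mpssvc
- <SYSTEM32>\net1.exe stop mpssvc
- <SYSTEM32>\regsvr32.exe "<SYSTEM32>\MSVBVM60.DLL" /s
- <SYSTEM32>\regsvr32.exe "<SYSTEM32>\MSWINSCN.OCX" /s
- <SYSTEM32>\regsvr32.exe "<SYSTEM32>\MSWINSCK.OCX" /s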
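Имя процесса антивирусного ПО (заголовок раздела не сохранился; какое действие выполняется над процессом, из списка не видно):
- nod32.exe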
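Пути файлов (заголовки разделов не сохранились; по списку нельзя определить, создаются эти файлы, изменяются или удаляются, а повторы путей, вероятно, относятся к разным разделам):
- C:\RECYCLER\$.indsrs16\indsrs16.com
- <SYSTEM32>\$.indsrs16\srsa.exe
- <SYSTEM32>\srsa.exe
- C:\RECYCLER\cb.dll
- C:\RECYCLER\temp.exe
- <SYSTEM32>\$.indsrs16\indsrs16.com
- %TEMP%\~DF1867.tmp
- C:\RECYCLER\temp.exe
- %TEMP%\~DF6C57.tmp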