Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'csrcs' = '<SYSTEM32>:csrcs.com'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B3F402D-96C3-FD61-DE99-B87CE15A5F46}] 'StubPath' = '<SYSTEM32>:csrcs.com'
- '%TEMP%\csrec.exe'
- '%TEMP%\txt.exe'
- ClassName: 'Filemonclass' WindowName: ''
- ClassName: 'Regmonclass' WindowName: ''
- <SYSTEM32>:csrcs.com
- %TEMP%\csrec.exe
- %TEMP%\txt.exe
- %TEMP%\csrec.exe
- 'www.xy###tre.com':5558
- DNS ASK www.xy###tre.com
- ClassName: '18467-41' WindowName: ''
- ClassName: '4823-00000029' WindowName: ''