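Technical Information (host and network indicators recorded for the sample; domain names are partially masked with '#' and <Virus name> is a placeholder, so the entries below are patterns rather than literal values to match)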
- Autorun entry (registry Run value, launched at logon): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'srtserv' = '%ALLUSERSPROFILE%\Application Data\srtserv\<Virus name>.exe'
- %ALLUSERSPROFILE%\Application Data\srtserv\<Virus name>.exe -wait
- %WINDIR%\explorer.exe <Current directory>\<Virus name>
- %ALLUSERSPROFILE%\Application Data\srtserv\set.dat
- %ALLUSERSPROFILE%\Application Data\srtserv\task.dat
- %ALLUSERSPROFILE%\Application Data\srtserv\<Virus name>.exe
- %ALLUSERSPROFILE%\Application Data\srtserv\sdata.dll
- %ALLUSERSPROFILE%\Application Data\srtserv\<Virus name>.exe
- %ALLUSERSPROFILE%\Application Data\srtserv\task.dat
- %ALLUSERSPROFILE%\Application Data\srtserv\set.dat
- '20###f42.eu.pn':80
- '8b##48b9.ru':80
- '89###d8d.h18.ru':80
- '7a##a6ad.tk':80
- 'fa###629.org.ru':80
- 'ps##ergi.dk':80
- '70###d78.net':80
- '91###ec3.info':80
- 'st###nt-card.ru':80
- 'el##ant.ru':80
- 'de####63.110mb.com':80
- '24##at.ru':80
- 'd8######.yourfreehosting.net':80
- 'a6###0eeucoz.ru':80
- 'ps###rbal.com':80
- 'f5####a0.110mb.com':80
- 20###f42.eu.pn/setx.txt
- 8b##48b9.ru/setx.txt
- 89###d8d.h18.ru/setx.txt
- 7a##a6ad.tk/setx.txt
- fa###629.org.ru/setx.txt
- ps##ergi.dk/data/taskx.txt
- 70###d78.net/setx.txt
- 91###ec3.info/setx.txt
- st###nt-card.ru/data/setx.txt
- el##ant.ru/data/setx.txt
- de####63.110mb.com/setx.txt
- 24##at.ru/data/setx.txt
- d8######.yourfreehosting.net/setx.txt
- a6###0eeucoz.ru/setx.txt
- ps###rbal.com/data/setx.txt
- f5####a0.110mb.com/setx.txt
- ps##ergi.dk/data/stat.php
- DNS ASK 20###f42.eu.pn
- DNS ASK 8b##48b9.ru
- DNS ASK 89###d8d.h18.ru
- DNS ASK 7a##a6ad.tk
- DNS ASK fa###629.org.ru
- DNS ASK ps##ergi.dk
- DNS ASK 70###d78.net
- DNS ASK 91###ec3.info
- DNS ASK a6###0eeucoz.ru
- DNS ASK st###nt-card.ru
- DNS ASK 24##at.ru
- DNS ASK de####63.110mb.com
- DNS ASK el##ant.ru
- DNS ASK d8######.yourfreehosting.net
- DNS ASK f5####a0.110mb.com
- DNS ASK ps###rbal.com
- '<Private IP address>':1036
- ClassName: '' WindowName: ''