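Техническая информация
Ниже перечислены наблюдаемые индикаторы: запись автозапуска в реестре, командные строки запуска исполняемых файлов, пути файлов на диске, сетевой адрес и HTTP-URL, класс окна.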
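- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'idX' = '"%APPDATA%\Roaming\JV341\iVda.exe" /iVdaXIVRpdnN3hYFvZ4vVpzsW7XxT4RhIuJV3417NSw2BKD2YlfRozCn7RHQr8n' (запись в ключе Run текущего пользователя: программа запускается при каждом входе пользователя в систему)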
- '%APPDATA%\Roaming\JV341\st_4.exe' ;v4VzWXTRIJ31NwBDYfoC7HrnidXVpn3Yv4VzWXTRIJ31NwBDYfoC7HrnidXVpn3Y
- '%APPDATA%\Roaming\JV341\ws_1.exe' ;v4VzWXTRIJ31NwBDYfoC7HrnidXVpn3Yv4VzWXTRIJ31NwBDYfoC7HrnidXVpn3Y
- '%APPDATA%\Roaming\JV341\iVda.exe' /iVdaXIVRpdnN3hYFvZ4vVpzsW7XxT4RhIuJV3417NSw2BKD2YlfRozCn7RHQr8n
- '%APPDATA%\Roaming\JV341\st_4.exe' (загружен из сети Интернет)
- '%APPDATA%\Roaming\JV341\ws_1.exe' (загружен из сети Интернет)
- %APPDATA%\Roaming\JV341\VXRnh\Zђ
- %APPDATA%\Roaming\JV341\VXRnh\lel_re.arch
- %APPDATA%\Roaming\JV341\VXRnh\°
- %APPDATA%\Roaming\JV341\st_4.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\ptdb_chrome[1].exe
- %APPDATA%\Roaming\JV341\ws_1.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\34[1]
- %APPDATA%\Roaming\JV341\iVda.exe
- %APPDATA%\Roaming\JV341\I\31
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\32_3[1].mining
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\ws[1].exe
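- '82.##6.54.187':80 (символы «##» здесь и в URL ниже — по-видимому, маскировка части адреса в отчёте; полный адрес на странице не приведён)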
- http://82.##6.54.187/CSD/32_3.mining
- http://82.##6.54.187/tools/ptdb_chrome.exe
- http://82.##6.54.187/v4VzWXTRIJ31NwBDYfoC7HrnidXVpn3Yv4VzWXTRIJ31NwBDYfoC7HrnidXVpn3Y/0/0/0/0/34/
- http://82.##6.54.187/tools/ws.exe
- ClassName: 'Indicator' WindowName: ''