Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'audiodg_US.exe' = '%HOMEPATH%\My Documents\audiodg_US.exe' (запись автозапуска: программа стартует при каждом входе этого пользователя в систему)
- %WINDIR%\Tasks\SA.DAT
- %HOMEPATH%\My Documents\CRNJEUFU.exe http://se###eserver.su/media/miner.exe
- %HOMEPATH%\My Documents\audiodg_US.exe
- %HOMEPATH%\My Documents\CRNJEUFU.exe (загружен из сети Интернет)
- <SYSTEM32>\svchost.exe
- ClamWin.exe
- maplestory.exe
- %HOMEPATH%\My Documents\CRNJEUFU.exe
- %HOMEPATH%\My Documents\audiodg_US.exe
- %HOMEPATH%\My Documents\audiodg_US.exe
- <SYSTEM32>\svchost.exe
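- 'co#####ingpeoples.net':80 (здесь и далее часть символов в именах узлов заменена на '#', поэтому для точного сопоставления в журналах эти строки в таком виде не годятся)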
- 'se###eserver.su':80
- 'wp#d':80
- se###eserver.su/media/miner.exe
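- wp#d/wpad.dat (судя по имени файла, это запрос автоматического обнаружения прокси WPAD; такие запросы встречаются и при обычной работе Windows, поэтому как самостоятельный индикатор они малоинформативны)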
- co#####ingpeoples.net/dotnet/connect.php
- DNS-запрос (DNS ASK): co#####ingpeoples.net
- DNS-запрос (DNS ASK): se###eserver.su
- DNS-запрос (DNS ASK): wp#d
- ClassName: 'Indicator' WindowName: ''