Техническая информация
Автозапуск (ключ реестра Run текущего пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AdobeZ' = '<Полный путь к вирусу>'
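Командные строки запуска исполняемых файлов (в параметре -o указан внешний узел eu.triplemining.com:8344; часть строки перед «@» скрыта символами #):
- '%ALLUSERSPROFILE%\Application Data\Adobe-Z.exe' -g yes -o http://Ro##########:1234@eu.triplemining.com:8344 -t 2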
- '%ALLUSERSPROFILE%\Application Data\Adobe-Z.exe' (загружен из сети Интернет)
Пути к файлам, связанным с образцом (кэш Internet Explorer и каталог Application Data):
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\coinutil[1].dll
- %ALLUSERSPROFILE%\Application Data\miner.dll
- %ALLUSERSPROFILE%\Application Data\coinutil.dll
- %ALLUSERSPROFILE%\Application Data\Adobe-Z.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\adobeUp[1].exe
- %ALLUSERSPROFILE%\Application Data\phatk.ptx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\phatk[1].ptx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\usft_ext[1].dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\miner[1].dll
- %ALLUSERSPROFILE%\Application Data\usft_ext.dll
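Сетевые узлы и порты (символы # в имени узла — маскировка части адреса в отчёте, а не литеральные символы; в таком виде строка не годится как точный индикатор):
- 'www.ne####hinfos.com':80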
- 'localhost':1035
URL на том же узле (имена файлов совпадают с файлами из списка путей выше):
- www.ne####hinfos.com/newtech/miner/coinutil.dll
- www.ne####hinfos.com/newtech/miner/adobeUp.exe
- www.ne####hinfos.com/newtech/miner/miner.dll
- www.ne####hinfos.com/newtech/miner/phatk.ptx
- www.ne####hinfos.com/newtech/miner/usft_ext.dll
- DNS ASK www.ne####hinfos.com
- ClassName: 'Indicator' WindowName: ''