Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XMRRUN' = '<SYSTEM32>\audiodig.exe -c <SYSTEM32>\audiodig' (запись автозапуска: ключ Run в HKLM срабатывает при входе в систему любого пользователя)
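- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"' (стандартная запись очистки самораспаковывающегося пакета IExpress/wextract: удаляет временный каталог распаковки; встречается и у легитимных установщиков, поэтому сама по себе не является надёжным признаком заражения)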
- <SYSTEM32>\audiodig.exe
- <SYSTEM32>\audiodig
- <SYSTEM32>\init.bat
- <SYSTEM32>\audiodig.reg
- %TEMP%\IXP000.TMP\audiodig.exe
- %TEMP%\IXP000.TMP\audiodig
- %TEMP%\IXP000.TMP\init.bat
- %TEMP%\IXP000.TMP\audiodig.reg
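- 'et#####a1.nanopool.org':13333 (сетевое подключение; часть имени узла скрыта символами # в источнике; nanopool.org — домен майнингового пула)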
- DNS ASK et#####a1.nanopool.org
- '<SYSTEM32>\audiodig.exe' -c <SYSTEM32>\audiodig
- '<SYSTEM32>\reg.exe' import <SYSTEM32>\audiodig.reg
- '<SYSTEM32>\cmd.exe' /c init.bat