Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ComManager' = '%APPDATA%\bitcoinM\ComManager.exe'
- <SYSTEM32>\wscript.exe
- %TEMP%\aut1.tmp
- %TEMP%\LIiMUiVUTVdB
- %TEMP%\aut2.tmp
- %APPDATA%\buld2.exe
- %TEMP%\aut3.tmp
- %TEMP%\HREUZGNRDiOI
- %TEMP%\aut4.tmp
- %APPDATA%\rat.exe
- %TEMP%\aut5.tmp
- %TEMP%\SOfSMJXDIaEe
- %APPDATA%\bitcoinM\conf.ini
- %APPDATA%\bitcoinM\ComManager.exe
- %APPDATA%\bitcoinM\fl.txt
- %APPDATA%\buld2.exe
- %APPDATA%\rat.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut5.tmp
- 'li####e2battle.com':80
- 'cm##p.com':80
- 'my####oinmania.com':80
- http://cm##p.com/
- http://my####oinmania.com/zap.php?ip###############
- DNS ASK li####e2battle.com
- DNS ASK cm##p.com
- DNS ASK my####oinmania.com
- '%APPDATA%\buld2.exe'
- '%APPDATA%\rat.exe'
- '%APPDATA%\bitcoinM\ComManager.exe'
- '<SYSTEM32>\wscript.exe'
- '<SYSTEM32>\cmd.exe' /c copy %APPDATA%\rat.exe %APPDATA%\SOfSMJXDIaEeIHXd.exe
- '<SYSTEM32>\cmd.exe' /c ?ch` [z`n?Tr!nsf?r]Z`neID = 2 > %APPDATA%\SOfSMJXDIaEeIHXd.exe:ZONE.identifier