Техническая информация
- [<HKLM>\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs] 'ntdll' = 'ntdll.dll'
- %HOMEPATH%\start menu\programs\startup\sbmmiuslpg.url
- <SYSTEM32>\svchost.exe
- %ALLUSERSPROFILE%\application data\tcfxtizvsn\cfgi
- %ALLUSERSPROFILE%\application data\tcfxtizvsn\cfg
- %ALLUSERSPROFILE%\application data\tcfxtizvsn\googlechrome
- %ALLUSERSPROFILE%\application data\tcfxtizvsn\r.vbs
- %ALLUSERSPROFILE%\application data\tcfxtizvsn\r.vbs
- из %ALLUSERSPROFILE%\application data\tcfxtizvsn\googlechrome в %ALLUSERSPROFILE%\application data\tcfxtizvsn\googlechrome.exe
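- DNS ASK xm#####.nanopool.org (DNS-запрос; часть имени узла скрыта символами #, поэтому для точного сопоставления по имени запись непригодна)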
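- '<SYSTEM32>\svchost.exe' -c "%ALLUSERSPROFILE%\Application Data\tCfXtiZvsN\cfg" (штатно svchost.exe запускается с ключом -k; ключ -c с путём к файлу для него нетипичен и может служить признаком для обнаружения)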
- '<SYSTEM32>\cmd.exe' /C WScript "%ALLUSERSPROFILE%\Application Data\tCfXtiZvsN\r.vbs"
- '<SYSTEM32>\wscript.exe' "%ALLUSERSPROFILE%\Application Data\tCfXtiZvsN\r.vbs"
- '<SYSTEM32>\svchost.exe' -c "%ALLUSERSPROFILE%\Application Data\tCfXtiZvsN\cfgi"