Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\defiihkwja.url (файл в папке автозагрузки пользователя — открывается при входе в систему)
- %WINDIR%\notepad.exe
- iexplore.exe
- %PROGRAMDATA%\fdtsteeqni\cfgi
- %PROGRAMDATA%\fdtsteeqni\cfg
- %PROGRAMDATA%\fdtsteeqni\esp
- %PROGRAMDATA%\fdtsteeqni\r.vbs
- %PROGRAMDATA%\fdtsteeqni\r.vbs
- %PROGRAMDATA%\fdtsteeqni\esp переименован в %PROGRAMDATA%\fdtsteeqni\esp.exe
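Сетевая активность:
- подключение к 'xm#.###l.minergate.com':45700 (символы «#», по-видимому, скрывают часть имени узла в отчёте, поэтому для блокировки по точному совпадению запись в таком виде не подходит)
- DNS-запрос (DNS ASK): xm#.###l.minergate.com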
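Командные строки запускаемых процессов:
- '%WINDIR%\syswow64\wscript.exe' "%PROGRAMDATA%\FdTSteEqnI\r.vbs"
- '%WINDIR%\notepad.exe' -c "%PROGRAMDATA%\FdTSteEqnI\cfg" (параметр -c с путём к файлу cfg нетипичен для notepad.exe — вероятно, под именем системного процесса выполняется посторонний код; такая командная строка пригодна как признак для обнаружения)
- '%WINDIR%\syswow64\cmd.exe' /C WScript "%PROGRAMDATA%\FdTSteEqnI\r.vbs"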