Техническая информация
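- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = '%APPDATA%\svchost.exe,explorer.exe' (закрепление в системе: параметр Shell задан для текущего пользователя, поэтому при входе в систему вместе с explorer.exe запускается %APPDATA%\svchost.exe; настоящий svchost.exe находится в %SystemRoot%\System32, а в HKCU этот параметр по умолчанию обычно не задан)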
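- %APPDATA%\winlogon.exe -g yes -o http://co#########est@eu.triplemining.com:8344 (командная строка запуска; судя по параметру -o, процесс подключается к майнинговому пулу eu.triplemining.com на порту 8344; учётные данные в URL замаскированы)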
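- %APPDATA%\winlogon.exe (загружен из сети Интернет; имя совпадает с системным процессом, однако настоящий winlogon.exe находится в %SystemRoot%\System32, а не в %APPDATA%)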
- %APPDATA%\phatk.ptx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\q9atm[1]
- %APPDATA%\winlogon.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\zz6jx[1]
- %APPDATA%\usft_ext.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\oj149[1]
- %APPDATA%\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\eqlo5[1]
- %APPDATA%\miner.dll
- 'sh###send.com':80
- sh###send.com/download/q9atm
- sh###send.com/download/zz6jx
- sh###send.com/download/oj149
- sh###send.com/download/eqlo5
- DNS ASK sh###send.com