Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Defender®' = '%APPDATA%\Windows\windef.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\windef.exe
- %APPDATA%\948910.exe
- %APPDATA%\Windows\svchost.exe -a 5 -o http://po##.###clockers.com:8332 -u supermen -p 03071982supermen03071982 -g yes -t 1
- %APPDATA%\Windows\windef.exe
- %APPDATA%\Windows\svchost.exe (загружен из сети Интернет)
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2.tmp" "%TEMP%\vbc1.tmp"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\uttojyle.cmdline"
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\vbc.exe /noconfig @"%TEMP%\qilgmr-i.cmdline"
- %TEMP%\vbc1.tmp
- %TEMP%\uttojyle.out
- %TEMP%\RES2.tmp
- %APPDATA%\Windows\svchost.exe
- %APPDATA%\948910.exe
- %TEMP%\uttojyle.cmdline
- %TEMP%\qilgmr-i.0.vb
- %APPDATA%\Windows\windef.exe
- %TEMP%\qilgmr-i.cmdline
- %TEMP%\uttojyle.0.vb
- %TEMP%\qilgmr-i.out
- %APPDATA%\Windows\svchost.exe
- %APPDATA%\Windows\windef.exe
- %TEMP%\uttojyle.0.vb
- %TEMP%\uttojyle.out
- %TEMP%\uttojyle.cmdline
- %TEMP%\vbc1.tmp
- %TEMP%\qilgmr-i.0.vb
- %TEMP%\qilgmr-i.cmdline
- %TEMP%\RES2.tmp
- 've##x.net':80
- ve##x.net/x/bcm/bitcoin-miner.exe
- DNS ASK ve##x.net