Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WinViewer' = '%APPDATA%\Realtek Products\SndWire_pr_v1.exe'
- <Имя диска съемного носителя>:\Credit-Card_Generator.exe
- '%APPDATA%\Realtek Products\SndWire_6.1.532_v1.exe' -o http://de#############telo:bitcoin@eu.triplemining.com:8344 -t 3 -g yes
- '%APPDATA%\Realtek Products\SndWire_pr_v1.exe'
- '<SYSTEM32>\xcopy.exe' "%APPDATA%\Realtek Products\SndWire_pr_v1.exe" "E:\Credit-Card_Generator.exe" /H
- '<SYSTEM32>\xcopy.exe' /H "<Полный путь к вирусу>" "%APPDATA%\Realtek Products\SndWire_pr_v1.exe"
- %APPDATA%\Realtek Products\autorun.inf
- %APPDATA%\Realtek Products\SndWire_6.1.532_v1.exe
- %APPDATA%\Realtek Products\SndWire_pr_v1.exe
- %APPDATA%\Realtek Products\SndWire_pr_v1.exe
- %APPDATA%\Realtek Products\SndWire_6.1.532_v1.exe
- 'eu.###plemining.com':8344
- 'co##word.tk':80
- 'wp#d':80
- co##word.tk/CreeperVersion.txt
- co##word.tk/Valid.html
- co##word.tk/CreeperWork.txt
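- wp#d/wpad.dat (вероятно, штатный запрос автообнаружения прокси WPAD со стороны системы, а не индикатор, специфичный для данного образца)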
- co##word.tk/creeperuser.php?us########################
- DNS ASK eu.###plemining.com
- DNS ASK co##word.tk
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: '(null)'