Техническая информация
- Автозапуск при входе в систему (ключ реестра Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WinActivate' = '%ALLUSERSPROFILE%\Documents\cpu\load.exe'
- '%ALLUSERSPROFILE%\Documents\cpu\unzip.exe' -oqq cpuminer.zip
- '%ALLUSERSPROFILE%\Documents\cpu\unzip.exe' (загружен из сети Интернет)
- %ALLUSERSPROFILE%\Documents\cpu\unzip.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\unzip[1].rav
- %ALLUSERSPROFILE%\Documents\cpu\cpuminer.zip
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\cpuminer[1].zip
- %ALLUSERSPROFILE%\Documents\cpu\load.exe
- %TEMP%\aut1.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\n09230945[1].asp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\checkip.dyndns[1]
- %TEMP%\aut1.tmp
Сетевые подключения (адрес:порт; символы # — маскировка части адреса в отчёте):
- '94.##.229.211':80
- '94.##.229.211':21
- 'ch####p.dyndns.org':80
- 'au######on.whatismyip.com':80
Запрошенные URL (копии ответов сохранены в Temporary Internet Files, см. выше):
- 94.##.229.211/unzip.rav
- 94.##.229.211/cpuminer.zip
- ch####p.dyndns.org/
- au######on.whatismyip.com/n09230945.asp
- DNS ASK au######on.whatismyip.com
- DNS ASK ch####p.dyndns.org
- ClassName: 'Shell_TrayWnd' (класс окна панели задач Windows) WindowName: '(null)'