Техническая информация
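- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Mineiro' = '"C:\fopen\mineiro.exe"' (запись в ключе автозапуска Run: C:\fopen\mineiro.exe запускается при входе пользователя в систему)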
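- '%TEMP%\2.tmp\mineiro.exe' -a scrypt -o http://p2###l.org:9327 -u LiLuUXn77Lbkn6eu5vKstDvche8BXXHZTJ -p password (командная строка майнера: алгоритм scrypt, адрес пула, имя пользователя — судя по виду, адрес кошелька — и пароль; символы # в адресе — маскировка, узел, по-видимому, тот же, что p2##ol.org ниже)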
- '%TEMP%\2.tmp\web.exe'
- 'C:\fopen\mineiro.exe'
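- '<SYSTEM32>\attrib.exe' +h +r +s mineiro.exe (файлу присваиваются атрибуты «скрытый», «только для чтения» и «системный»; при настройках Проводника по умолчанию он не отображается)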
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\2.tmp\mineiro.bat" "
- '<SYSTEM32>\attrib.exe' +h +r +s fopen (те же атрибуты «скрытый», «только для чтения» и «системный» присваиваются каталогу fopen)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\bot.cmd" "
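- '<SYSTEM32>\reg.exe' import mineiro.reg (импорт .reg-файла в реестр; вероятно, именно так создаётся запись автозапуска 'Mineiro' — по приведённым данным это не подтверждено)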
- %TEMP%\2.tmp\web.exe
- %TEMP%\2.tmp\mineiro.exe
- %TEMP%\2.tmp\zlib1.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\index[1].php
- %TEMP%\2.tmp\libcurl-4.dll
- %TEMP%\2.tmp\libwinpthread-1.dll
- %TEMP%\1.tmp\mineiro.reg
- %TEMP%\1.tmp\bot.cmd
- %TEMP%\1.tmp\mineiro.exe
- %TEMP%\2.tmp\mineiro.bat
- C:\fopen\mineiro.exe
- C:\fopen\mineiro.exe
- %TEMP%\1.tmp\bot.cmd
- '19#.#85.176.93':80
- 'localhost':1037
- 'p2##ol.org':9327
- 19#.#85.176.93/~poker597/asdsad/index.php?xt##############
- DNS ASK p2##ol.org
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'