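Техническая информация
Ниже приведены индикаторы, зафиксированные при анализе образца, в следующем порядке: закрепление в системе (задание планировщика и служба winws2), исключения брандмауэра Windows, запускаемые процессы, файлы в %APPDATA% и %TEMP%, сетевые обращения.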
- %WINDIR%\Tasks\winws2.job
- [<HKLM>\SYSTEM\ControlSet001\Services\winws2] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\winlog.exe' = '%APPDATA%\winlog.exe:*:Enabled:svchost'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\anc.exe' = '%APPDATA%\anc.exe:*:Enabled:svchost'
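- '%APPDATA%\winlog.exe' -a scrypt -t 2 -o stratum+tcp://ypool.net:9090 -u grtsrty.DOGE_4 -p RRTE3f3
  (Судя по параметрам, это запуск майнера криптовалюты: алгоритм scrypt, адрес пула по протоколу Stratum, имя и пароль воркера в открытом виде. Сочетание «-a scrypt» и «stratum+tcp://» в командной строке процесса из %APPDATA% удобно использовать как признак для обнаружения.)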
- '%APPDATA%\anc.exe'
- '%TEMP%\setupz.exe'
- '<SYSTEM32>\sc.exe' create winws2 type= interact type= own start= auto binpath= "\"%APPDATA%\WindowsA.exe
  (Командная строка в источнике обрезана: значение binpath не закрыто кавычками.)
- '<SYSTEM32>\schtasks.exe' /create /tn "winws2" /tr "\"%APPDATA%\anc.exe"" /sc onstart /ru System
- '<SYSTEM32>\netsh.exe' firewall set allowedprogram "%APPDATA%\anc.exe" svchost ENABLE
- '<SYSTEM32>\netsh.exe' firewall set allowedprogram "%APPDATA%\winlog.exe" svchost ENABLE
- %APPDATA%\pthreadGC2.dll
- %APPDATA%\libjansson-4.dll
- %APPDATA%\libcurl-4.dll
- %TEMP%\nsj5.tmp\ExecCmd.dll
- %TEMP%\nsj5.tmp\nsRandom.dll
- %APPDATA%\winlog.exe
- %APPDATA%\filedown_328301.exe
- %TEMP%\setupz.exe
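- %TEMP%\Office2013 БгКЫ°жЧЄVOL°ж№¤ѕЯ\Office2013 БгКЫ°жЧЄVOL°ж№¤ѕЯ.rar
  (Имя записано в кодировке GBK, но показано как Windows-1251; в исходном виде — «Office2013 零售版转VOL版工具», то есть «инструмент преобразования розничной версии Office 2013 в VOL».)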
- %TEMP%\nsk2.tmp
- %APPDATA%\anc.exe
- %APPDATA%\WindowsA.exe
- %TEMP%\nsz4.tmp
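- 'yp##l.net':9090
- DNS ASK yp##l.net
  (Домен замаскирован символами «##»; порт 9090 совпадает с адресом пула в командной строке winlog.exe выше, так что речь, по-видимому, об одном и том же узле.)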