Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\OffercrowdSvc] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
- '%APPDATA%\Offercrowd\Offercrowd.exe' -scm32
- '%APPDATA%\Offercrowd\OffercrowdSvc.exe'
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- iexplore.exe
- firefox.exe
- chrome.exe
- %APPDATA%\Offercrowd\InjectScript.js
- %APPDATA%\Offercrowd\OffercrowdSvc.exe
- %TEMP%\nsd3.tmp\SimpleSC.dll
- %APPDATA%\Offercrowd\uninst.exe
- %TEMP%\nsd3.tmp\System.dll
- %TEMP%\nso2.tmp
- %APPDATA%\Offercrowd\Offercrowd.exe
- %APPDATA%\Offercrowd\Offercrowd.dll
- %TEMP%\nsd3.tmp\System.dll
- %TEMP%\nsd3.tmp\SimpleSC.dll
- 'www.of###crowd.com':443
- DNS ASK www.of###crowd.com