Техническая информация
- '%APPDATA%\InspectData\displaydrivers.exe' /pid=4632
- '%APPDATA%\InspectData\displaydrivers.exe' /pid=3888
- '%APPDATA%\InspectData\displaydrivers.exe' /pid=3480
- '%APPDATA%\InspectData\displaydrivers.exe' /pid=3180
- '%APPDATA%\InspectData\displaydrivers.exe' /pid=3280
- '%APPDATA%\InspectData\displaydrivers.exe' /pid=2592
- '%APPDATA%\InspectData\displaydrivers.exe' /pid=5044
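- '%APPDATA%\InspectData\displaydrivers.exe' -a scrypt -g no -oltc-eu.give-me-coins.com:3333 -u Carmagedon.public -p libra -t 8 (командная строка майнера: -a scrypt задаёт алгоритм, после -o указан адрес пула и порт, в -u/-p переданы учётные данные воркера; судя по параметрам, -g no отключает использование GPU, а -t 8 задаёт восемь потоков CPU. Для обнаружения полезны адрес пула и порт 3333 в исходящих соединениях, а также запуск исполняемого файла из %APPDATA% с такими аргументами.)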
- '%APPDATA%\InspectData\displaydrivers.exe' /pid=3388
- '%APPDATA%\InspectData\displaydrivers.exe' /pid=5844
- '%APPDATA%\InspectData\displaydrivers.exe' (загружен из сети Интернет)
- '<SYSTEM32>\attrib.exe' /pid=2852
- '<SYSTEM32>\attrib.exe' -s -h %APPDATA%\InspectData (в таком виде ключи -s -h снимают с каталога атрибуты «системный» и «скрытый»)
- %APPDATA%\InspectData\openssl.dll
- %APPDATA%\InspectData\phatk.cl
- %APPDATA%\InspectData\usft_ext.dll
- %APPDATA%\InspectData\mpir.dll
- %APPDATA%\InspectData\displaydrivers.exe
- %APPDATA%\InspectData\coinutil.dll
- %APPDATA%\InspectData\miner.dll
- из <Полный путь к вирусу> в %APPDATA%\InspectData\1111.exe
- '19#.#0.57.179':80
- 'wp#d':80
- 19#.#0.57.179/sovikat/openssl.dll
- 19#.#0.57.179/sovikat/mpir.dll
- 19#.#0.57.179/sovikat/usft_ext.dll
- 19#.#0.57.179/sovikat/phatk.cl
- 19#.#0.57.179/sovikat/coin-miner.exe
- wp#d/wpad.dat
- 19#.#0.57.179/sovikat/miner.dll
- 19#.#0.57.179/sovikat/coinutil.dll
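- DNS ASK wp#d (судя по запросу wpad.dat, это автоматическое обнаружение прокси (WPAD); такие запросы, вероятно, исходят от системы и сами по себе не являются характерным признаком именно этой программы)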