Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\OffercrowdSvc] 'Start' = '00000002'
- '%APPDATA%\Offercrowd\Offercrowd.exe' -scm32
- '%APPDATA%\Offercrowd\OffercrowdSvc.exe'
- iexplore.exe
- firefox.exe
- chrome.exe
- %APPDATA%\Offercrowd\InjectScript.js
- %APPDATA%\Offercrowd\uninst.exe
- %TEMP%\nsj3.tmp\SimpleSC.dll
- %APPDATA%\Offercrowd\OffercrowdSvc.exe
- %TEMP%\nsu2.tmp
- %TEMP%\nsj3.tmp\System.dll
- %APPDATA%\Offercrowd\Offercrowd.exe
- %TEMP%\nsj3.tmp\System.dll
- %TEMP%\nsj3.tmp\SimpleSC.dll
- 'www.of###crowd.com':443
- DNS ASK www.of###crowd.com