Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Client Runtime Service' = '%TEMP%\service.vbs'
- User Account Control (UAC)
- '<SYSTEM32>\wscript.exe' "%TEMP%\service.vbs"
- %TEMP%\pthreadVC2.dll
- %TEMP%\cvtres.exe
- %TEMP%\service.vbs
- %TEMP%\jansson.dll
- %TEMP%\libcurl-4.dll
- %TEMP%\pthreadGC2-w64.dll
- 'www.di#####inkupload.com':80
- 'wp#d':80
- www.di#####inkupload.com/uploads/193.0.200.132/pthreadVC2.png
- www.di#####inkupload.com/uploads/193.0.200.132/minerd-x64-nocona.png
- www.di#####inkupload.com/uploads/193.0.200.132/service_vWcLeY.jpg
- www.di#####inkupload.com/uploads/193.0.200.132/pthreadGC2-w64.png
- wp#d/wpad.dat
- www.di#####inkupload.com/uploads/193.0.200.132/jansson.png
- www.di#####inkupload.com/uploads/193.0.200.132/libcurl-4-x64.png
- DNS ASK www.di#####inkupload.com
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: '(null)'