Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '[STARTUPKEY]' = '%APPDATA%\[FOLDER2DROP]\[Loader_Miner.exe]'
- '<SYSTEM32>\attrib.exe' -s -h %APPDATA%\[FOLDER2DROP]
- %APPDATA%\[FOLDER2DROP]\phatk.ptx
- %APPDATA%\[FOLDER2DROP]\phatk.cl
- %APPDATA%\[FOLDER2DROP]\usft_ext.dll
- %TEMP%\37485.dmp
- %TEMP%\dw.log
- %APPDATA%\[FOLDER2DROP]\miner.dlls
- %APPDATA%\[FOLDER2DROP]\bdb.dll
- %APPDATA%\[FOLDER2DROP]\[UFASoft.exe]
- %APPDATA%\[FOLDER2DROP]\btc.il
- %APPDATA%\[FOLDER2DROP]\coinutil.dll
- %APPDATA%\[FOLDER2DROP]\btc-evergreen.il
- из <Полный путь к вирусу> в %APPDATA%\[FOLDER2DROP]\[Loader_Miner.exe]
- 'ha###orum.asia':80
- 'wp#d':80
- ha###orum.asia/host/miner.dll
- ha###orum.asia/host/coinutil.dll
- ha###orum.asia/host/phatk.cl
- ha###orum.asia/host/usft_ext.dll
- ha###orum.asia/host/phatk.ptx
- ha###orum.asia/host/coin-miner.exe
- wp#d/wpad.dat
- ha###orum.asia/host/bdb.dll
- ha###orum.asia/host/btc-evergreen.il
- ha###orum.asia/host/btc.il
- DNS ASK ha###orum.asia
- DNS ASK wp#d
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'