Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'NgdDffArZm' = '"<LS_APPDATA>\kJItMsIAGD\svchost.exe"'
- '<SYSTEM32>\svchost.exe' -a cryptonight -o stratum+tcp://188.168.165.3:123 -u 46QLYYLStUuYo4Up6ytxSeGWDCYde7NkvRyuyJQrf2VwgS7QVAMnVknY4iJ3oYUpyG9kBL5akmiQo1RXhZm3oSLNKQWGKZa -p 1 -t 1
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\kJItMsIAGD\svchost.exe
- %TEMP%\betsender.exe