Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'cUnlqicUty' = '"<LS_APPDATA>\uwImEisUpa\ADVANC~1.EXE"'
- '<SYSTEM32>\svchost.exe' -a cryptonight -o stratum+tcp://monerohash.com:80 -u 49QgadjdBBZ6tG9htFBSpmKKd5Wkbkze7ELJVSnkcDqB4JxDmNmXjpiBYfEcCoDqoW21MhhGZ4tQPgoDD4LJqbVcDZ6yyDC -p x -t 2
- '<SYSTEM32>\svchost.exe'
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\uwImEisUpa\advancedsystem3.exe