Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Tuvwxyabcdehij] 'ImagePath' = '%ProgramFiles%\Internet Explorer\csrss.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Tuvwxyabcdehij] 'Start' = '00000002'
- %ProgramFiles%\Mining.exe
- %ProgramFiles%\Internet Explorer\csrss.exe
- <Полный путь к файлу> в <SYSTEM32>\138421.bak
- 'mo###ohash.com':3333
- 'eq###ion.mpc.cn':3957
- DNS ASK mo###ohash.com
- DNS ASK Eq###ion.mpc.cn
- '%ProgramFiles%\Mining.exe' -o stratum+tcp://monerohash.com:3333 -u 44dSUmMLmqUFTWjv8tcTvbQbSnecQ9sAUT5CtbwDFcfwfSz92WwG97WahMPBdGtXGu4jWFgNtTZrbAkhFYLDFf2GAwfprEg -p x
- '%ProgramFiles%\Internet Explorer\csrss.exe'