Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'YThxrJYCQn' = '"<LS_APPDATA>\jLWqLAMbRS\WINDOW~1.EXE"'
- <SYSTEM32>\svchost.exe
- svhost.exe
- <LS_APPDATA>\jLWqLAMbRS\WindowsUpdater.exe
- %TEMP%\svhost.exe
- 'cr#######ht.usa.nicehash.com':3355
- DNS ASK cr#######ht.usa.nicehash.com
- '%TEMP%\svhost.exe'
- '<SYSTEM32>\svchost.exe' -o cryptonight.usa.nicehash.com:3355 -u 333vEBMZMJgL9e8qru4X2vUUysMELwgmRc -p x -v 0 -t 1 --nicehash