Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost.exe' = '%APPDATA%\svchost.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %APPDATA%\svchost.exe
- %APPDATA%\svchost.exe
- 'po##.###ft.hashvault.pro':80
- DNS ASK po##.###ft.hashvault.pro
- '%APPDATA%\svchost.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe' -B --donate-level=0 -t 1 -a cryptonight --url=pool.graft.hashvault.pro:80 -u G7qy9R6wP7dbTR81WnCtsri2pqbQE25wK6VYxJsrLjip3pbYfeF1WP624fdacomgRj7q5E93XFK8DQCMcNHjfeBCP6jSpwS.8065d8e7696a4e49bd7a...