Техническая информация
- [<HKLM>\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs] 'ntdll' = 'ntdll.dll'
- <SYSTEM32>\svchost.exe
- %ALLUSERSPROFILE%\application data\bxvabwvjrn\cfgi
- %ALLUSERSPROFILE%\application data\bxvabwvjrn\cfg
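- 'su######er.newminersage.com':9556
- DNS ASK su######er.newminersage.com
  (символы # в имени узла — заполнитель: часть имени в описании скрыта, поэтому для блокировки и поиска в журналах DNS и прокси надёжнее опираться на родительский домен newminersage.com и порт 9556)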
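- '<SYSTEM32>\svchost.exe' -c "%ALLUSERSPROFILE%\Application Data\bXvaBWVJrN\cfg"
  (нетипичная командная строка: штатный svchost.exe запускается процессом services.exe с параметром -k <группа служб>; запуск с параметром -c и путём к файлу конфигурации — удобный признак для обнаружения)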