Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'D8wJW1mkl2OwncG®' = '%APPDATA%\ekHOoZdFpvy9oFO\m53aJUZ8d7.exe'
- %APPDATA%\ekHOoZdFpvy9oFO\svchost.exe -a 5 -o http://op######.strangled.net:8332 -u cy8ex.worker5 -p 654321 -g yes -t 1
- %APPDATA%\ekHOoZdFpvy9oFO\m53aJUZ8d7.exe
- %APPDATA%\ekHOoZdFpvy9oFO\svchost.exe (downloaded from the Internet)
- %APPDATA%\ekHOoZdFpvy9oFO\svchost.exe
- %APPDATA%\ekHOoZdFpvy9oFO\m53aJUZ8d7.exe
- %APPDATA%\ekHOoZdFpvy9oFO\svchost.exe
- %APPDATA%\ekHOoZdFpvy9oFO\m53aJUZ8d7.exe
- 've##x.net':80
- ve##x.net/x/bcm/bitcoin-miner.exe
- DNS ASK ve##x.net