Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Driver' = '%APPDATA%\Sysfiles\regasm.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\driver.url
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe
- %APPDATA%\sysfiles\driver.exe
- http://45.##.228.176/cmd.php?hw###########
- http://45.##.228.176/cmd.php?ti#######
- '%APPDATA%\sysfiles\driver.exe' -o pool.hashvault.pro:3333 -u 435xgMiGQaAdy5s1bwivvjEhHumwWeVib52Px2cuN8qi3YcgsBf6Z7fadozPKLNtENaF6to2yNrhxLMugXC9p6DAEQpqeii -p x -k -v=0 --donate-level=1 -t 1
- '%APPDATA%\sysfiles\driver.exe' -o pool.hashvault.pro:3333 -u 435xgMiGQaAdy5s1bwivvjEhHumwWeVib52Px2cuN8qi3YcgsBf6Z7fadozPKLNtENaF6to2yNrhxLMugXC9p6DAEQpqeii -p x -k -v=0 --donate-level=1 -t 1 (со скрытым окном)
- '%WINDIR%\microsoft.net\framework\v4.0.30319\regasm.exe'