Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Defender Windows®' = '%APPDATA%\Defender\windef.exe'
- %APPDATA%\Defender\windef.exe
- %APPDATA%\Defender\svchost.exe
- %APPDATA%\Defender\windef.exe
- %APPDATA%\Defender\svchost.exe
- %APPDATA%\Defender\windef.exe
- 've##x.net':80
- ve##x.net/x/bcm/bitcoin-miner.exe
- DNS ASK ve##x.net