Техническая информация
- Автозапуск через ключ реестра Run: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Startup' = '%APPDATA%\Chrome\Mining.exe'
- Командная строка запуска майнера (пул mining.eligius.st:8337): %APPDATA%\Chrome\coin-miner.exe -o http://1G##########w4nFMiFqtReDEFen6ucFr1:x@http://mining.eligius.st:8337 -I 5 -t 2 -T 90
- %APPDATA%\Chrome\coin-miner.exe (загружен из сети Интернет)
- %APPDATA%\Chrome\coinutil.dll
- %APPDATA%\Chrome\miner.dll
- %APPDATA%\Chrome\phatk.ptx
- %APPDATA%\Chrome\btc.il
- %APPDATA%\Chrome\phatk.cl
- %APPDATA%\Chrome\btc-evergreen.il
- %APPDATA%\Chrome\usft_ext.dll
- %APPDATA%\Chrome\guicomp.dll
- %APPDATA%\Chrome\coin-miner.exe
- %APPDATA%\Chrome\interop.coineng.dll
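- Переносит собственный файл (копирование или перемещение): из <Полный путь к вирусу> в %APPDATA%\Chrome\Mining.exe — этот же путь указан в записи автозапуска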
- 'ga###kings.nl':80
- 'wp#d':80
- ga###kings.nl/miner/coinutil.dll
- ga###kings.nl/miner/miner.dll
- ga###kings.nl/miner/phatk.ptx
- ga###kings.nl/miner/btc.il
- ga###kings.nl/miner/phatk.cl
- ga###kings.nl/miner/coin-miner.exe
- ga###kings.nl/miner/usft_ext.dll
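- wp#d/wpad.dat (wpad.dat — файл автоматической настройки прокси WPAD; такой запрос обычно выполняет сама система, поэтому сам по себе он не является надёжным признаком заражения)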
- ga###kings.nl/miner/btc-evergreen.il
- ga###kings.nl/miner/interop.coineng.dll
- ga###kings.nl/miner/guicomp.dll
- DNS ASK ga###kings.nl
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: ''