Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Startup' = '%APPDATA%\Mining\Mining.exe'
- %APPDATA%\Mining\coin-miner.exe -o http://ji############_1121:1121@mint.bitminter.com:8332 -I 0 -t 2 -T 75
- %APPDATA%\Mining\coin-miner.exe (downloaded from the Internet)
- %APPDATA%\Mining\coinutil.dll
- %APPDATA%\Mining\miner.dll
- %APPDATA%\Mining\phatk.ptx
- %APPDATA%\Mining\btc.il
- %APPDATA%\Mining\phatk.cl
- %APPDATA%\Mining\btc-evergreen.il
- %APPDATA%\Mining\usft_ext.dll
- %APPDATA%\Mining\guicomp.dll
- %APPDATA%\Mining\coin-miner.exe
- %APPDATA%\Mining\interop.coineng.dll
- from <Full path to virus> to %APPDATA%\Mining\Mining.exe
- 'ex##ple.com':80
- 'wp#d':80
- ex##ple.com/files/coinutil.dll
- ex##ple.com/files/miner.dll
- ex##ple.com/files/phatk.ptx
- ex##ple.com/files/btc.il
- ex##ple.com/files/phatk.cl
- ex##ple.com/files/coin-miner.exe
- ex##ple.com/files/usft_ext.dll
- wp#d/wpad.dat
- ex##ple.com/files/btc-evergreen.il
- ex##ple.com/files/interop.coineng.dll
- ex##ple.com/files/guicomp.dll
- DNS ASK ex##ple.com
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: ''