Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'bit' = '<SYSTEM32>\invis.vbs'
- <SYSTEM32>\bit.exe -a 5 -o http://pi#.###pbit.net:8332 -u bitcoincba@hotmail.com -p 1313dam
- <SYSTEM32>\wscript.exe "<SYSTEM32>\invis.vbs"
- <SYSTEM32>\bit.exe
- <SYSTEM32>\invis.vbs
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- 'pi#.#eepbit.net':8332
- DNS ASK pi#.#eepbit.net
- ClassName: 'Shell_TrayWnd' WindowName: ''