Technical information
- %WINDIR%\543149975cbcdb9b24a5a1c839631332.exe "%WINDIR%\\6fbd6e1f90fc442a2a83e49a1b4076f5.exe" -o http://eu.#####emining.com:8344 -u DarkStar851_botcoin -p botcoin
- %WINDIR%\543149975cbcdb9b24a5a1c839631332.exe (downloaded from the Internet)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\6fbd6e1f90fc442a2a83e49a1b4076f5[1].exe
- %WINDIR%\6fbd6e1f90fc442a2a83e49a1b4076f5.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\543149975cbcdb9b24a5a1c839631332[1].exe
- %WINDIR%\543149975cbcdb9b24a5a1c839631332.exe
- 'www.fi###old.net':80
- www.fi###old.net/files/6fbd6e1f90fc442a2a83e49a1b4076f5.exe
- www.fi###old.net/files/543149975cbcdb9b24a5a1c839631332.exe
- DNS ASK www.fi###old.net