Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'systemfilebin32.exe' = '%HOMEPATH%\Local Settings\Temp'
- '' (downloaded from the Internet)
- %TEMP%\svchosts.exe
- %TEMP%\systemprocess32.exe
- 'by##coin.tk':80
- http://by##coin.tk/m/svchosts.exe
- http://by##coin.tk/m/systemprocess32.exe
- DNS ASK by##coin.tk
- '%TEMP%\svchosts.exe'
- '%TEMP%\systemprocess32.exe'