Technical Information
- <SYSTEM32>\tasks\microsoft\windows\entityframework\netlibrary
- [<HKLM>\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%' = '00000000'
- <Current directory>\microsoft.win32.taskscheduler.dll
- <SYSTEM32>\config\systemprofile\appdata\local\gdipfontcachev1.dat
- <Current directory>\swika.exe
- <Full path to file>
- <Current directory>\swika.exe
- DNS ASK El######evnaIchetovkina.ru
- DNS ASK ip###ger.com
- DNS ASK ch####p.dyndns.org
- ClassName: 'MouseZ' WindowName: 'Magellan MSWHEEL'
- '<Current directory>\swika.exe' -a cryptonight/r -k --max-cpu-usage=50 --donate-level=1 -o ElenaYurevnaIchetovkina.ru:8080
- '<Full path to file>' (with hidden window)
- '<SYSTEM32>\vssvc.exe'
- '<SYSTEM32>\svchost.exe' -k swprv