Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'gtcllxcfnibemqjscko' = '%APPDATA%\gtcllxcfnibemqjscko.exe'
- %TEMP%\axmepalnb.exe
- %TEMP%\.exe
- %TEMP%\axmepalnb.exe
- %APPDATA%\gtcllxcfnibemqjscko.exe
- %TEMP%\.exe
- 'po##.50btc.com':8332
- DNS ASK po##.50btc.com
- ClassName: 'Indicator' WindowName: ''