- HEUR:Trojan-Ransom.MSIL.Crypmod.gen -> \4d6963726f736f667420557064617465722e657865
- Trojan.MSIL.BitMiner.abv -> c:\users\pc\appdata\local\temp\start.exe ( DrWEB: Trojan.Starter.3325, BitDefender: Gen:Variant.Kazy.430118, AVAST4: Win32:Dropper-gen [Drp] )