Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'wincg' = '%WINDIR%\temp\svchost.exe' (автозапуск через ключ Run; легитимный svchost.exe находится в <SYSTEM32>, а не в %WINDIR%\Temp)
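- %WINDIR%\Temp\wininiit.exe -o http://po##.###clockers.com:8332 -u Apach -p 03112004 (по-видимому, командная строка запуска майнера: -o задаёт адрес пула, -u и -p — учётные данные; на это же указывают файлы poclbm*.cl и phatk*.cl в списке ниже; имя файла имитирует системный wininit.exe)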
- %WINDIR%\Temp\svchost.exe
- <SYSTEM32>\cmd.exe /c %WINDIR%\Temp\exe.bat
- %WINDIR%\Temp\poclbm110816.cl
- %WINDIR%\Temp\phatk110816.cl
- %WINDIR%\Temp\libpthread-2.dll
- %WINDIR%\Temp\exe.bat
- %WINDIR%\Temp\settings.txt
- %WINDIR%\Temp\svchost.exe
- <SYSTEM32>\OpenCL.dll
- <LS_APPDATA>\Microsoft\Windows Media\9.0\WMSDKNSD.XML
- <LS_APPDATA>\Microsoft\Windows Media\9.0\WMSDKNS.XML.bak
- %WINDIR%\Temp\libpdcurses.dll
- %WINDIR%\Temp\libcurl-4.dll
- %WINDIR%\Temp\wininiit.exe
- <LS_APPDATA>\Microsoft\Windows Media\9.0\WMSDKNS.XML.bak
- 'po##.##tclockers.com':8332
- DNS ASK po##.##tclockers.com