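Техническая информация
(Список в этом фрагменте приведён без подзаголовков. По порядку: записи автозапуска в реестре, запускаемый исполняемый файл и команды создания заданий планировщика, пути к файлам, сетевые обращения. Для путей к файлам не указано, какая операция с ними выполнялась; часть путей в %TEMP%\$inst повторяется.)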
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AdobeReader' = '%APPDATA%\server\runhosts.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'runhosts' = '%APPDATA%\server\runhosts.exe'
- '%APPDATA%\server\runhosts.exe'
- '<SYSTEM32>\schtasks.exe' /create /RL LIMITED /sc minute /mo 30 /tn "\Microsoft\Windows\system\r" /tr "%APPDATA%\server\runhosts.exe" /F
- '<SYSTEM32>\schtasks.exe' /create /RL LIMITED /sc minute /mo 10 /tn "\Microsoft\Windows\comhosts\runco" /tr "%APPDATA%\server\runhosts.exe" /F
- %APPDATA%\server\Qt5Network.dll
- %APPDATA%\server\Qt5WebSockets.dll
- %APPDATA%\server\Qt5Gui.dll
- %APPDATA%\server\OpenCL.dll
- %APPDATA%\server\Qt5Core.dll
- %APPDATA%\server\Qt5Widgets.dll
- %APPDATA%\server\minergate.exe
- %TEMP%\$inst\0001.tmp
- %APPDATA%\server\runhosts.exe
- %APPDATA%\server\ssleay32.dll
- %APPDATA%\server\vccorlib120.dll
- %APPDATA%\server\msvcr120.dll
- %HOMEPATH%\AppData\Local\minergate\pools.config
- %HOMEPATH%\AppData\Local\minergate\bestgadjet@inbox.ru.achievements
- %HOMEPATH%\AppData\Local\minergate\miners.ini
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %APPDATA%\server\ud.ini
- %APPDATA%\server\libeay32.dll
- %APPDATA%\server\msvcp120.dll
- %APPDATA%\server\cudart32_80.dll
- %APPDATA%\server\platforms\qwindows.dll
- %APPDATA%\server\imageformats\qico.dll
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\0001.tmp
- %TEMP%\$inst\temp_0.tmp
- 'xm###st.info':80
- http://xm###st.info/mgauth/mgauth.php
- DNS ASK xm###st.info