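Техническая информация
Ниже перечислены артефакты без исходных заголовков разделов: две записи автозапуска в ключах Run (HKLM и HKCU), файлы в %APPDATA%\server и %TEMP%\$inst и три команды schtasks.exe. И записи реестра, и все три задания планировщика (интервалы 5, 30 и 10 минут, одно с /RL HIGHEST) запускают один и тот же файл %APPDATA%\server\platforms.exe. Повторное перечисление путей в %TEMP%\$inst, вероятно, относится к отдельному разделу исходного отчёта (например, к списку удалённых файлов) — по этому фрагменту это установить нельзя.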
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ty563' = '%APPDATA%\server\platforms.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'o74432' = '%APPDATA%\server\platforms.exe'
- %APPDATA%\server\Qt5Gui.dll
- %APPDATA%\server\Qt5Network.dll
- %APPDATA%\server\Qt5Core.dll
- %APPDATA%\server\msvcr120.dll
- %APPDATA%\server\OpenCL.dll
- %APPDATA%\server\ssleay32.dll
- %APPDATA%\server\vccorlib120.dll
- %APPDATA%\server\platforms.exe
- %APPDATA%\server\Qt5WebSockets.dll
- %APPDATA%\server\Qt5Widgets.dll
- %TEMP%\$inst\0001.tmp
- %APPDATA%\server\imageformats\qico.dll
- %APPDATA%\server\cudart32_80.dll
- %APPDATA%\server\platforms\qwindows.dll
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %APPDATA%\server\minergate.exe
- %APPDATA%\server\msvcp120.dll
- %APPDATA%\server\libeay32.dll
- %APPDATA%\server\cudart64_80.dll
- %APPDATA%\server\Flashtask.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\0001.tmp
- %TEMP%\$inst\temp_0.tmp
- '<SYSTEM32>\schtasks.exe' /create /RL HIGHEST /sc minute /mo 5 /tn "\Microsoft\Windows\system\ruasadmin" /tr "%APPDATA%\server\platforms.exe" /F
- '<SYSTEM32>\schtasks.exe' /create /RL LIMITED /sc minute /mo 30 /tn "\Microsoft\Windows\system\r" /tr "%APPDATA%\server\platforms.exe" /F
- '<SYSTEM32>\schtasks.exe' /create /RL LIMITED /sc minute /mo 10 /tn "\Microsoft\Windows\comhosts\runco" /tr "%APPDATA%\server\platforms.exe" /F