Техническая информация
Автозапуск через ключи реестра Run (оба значения указывают на один и тот же файл):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'ty563' = '%APPDATA%\xserver\platforms.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'o74432' = '%APPDATA%\xserver\platforms.exe'
Принудительное завершение процессов по имени образа:
- '<SYSTEM32>\taskkill.exe' -im minergate.exe -f
- '<SYSTEM32>\taskkill.exe' -im platforms.exe -f
- %APPDATA%\xserver\Qt5Network.dll
- %APPDATA%\xserver\Qt5WebSockets.dll
- %TEMP%\$inst\0001.tmp
- %APPDATA%\xserver\Qt5Gui.dll
- %APPDATA%\xserver\Qt5Widgets.dll
- %APPDATA%\xserver\platforms\qwindows.dll
- %APPDATA%\xserver\imageformats\qico.dll
- %APPDATA%\xserver\ssleay32.dll
- %APPDATA%\xserver\vccorlib120.dll
- %APPDATA%\xserver\Qt5Core.dll
- %APPDATA%\xserver\cudart64_80.dll
- %APPDATA%\xserver\libeay32.dll
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %APPDATA%\xserver\minergate.exe
- %APPDATA%\xserver\OpenCL.dll
- %APPDATA%\xserver\platforms.exe
- %APPDATA%\xserver\msvcp120.dll
- %APPDATA%\xserver\msvcr120.dll
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\0001.tmp
- %TEMP%\$inst\temp_0.tmp
- ClassName: '' WindowName: ''
Создание задач планировщика, запускающих platforms.exe каждые 5, 30 и 10 минут (первая — с наивысшими правами, /RL HIGHEST); имена задач размещены в ветке \Microsoft\Windows\ и выглядят как системные:
- '<SYSTEM32>\schtasks.exe' /create /RL HIGHEST /sc minute /mo 5 /tn "\Microsoft\Windows\system\ruasadmin" /tr "%APPDATA%\xserver\platforms.exe" /F
- '<SYSTEM32>\schtasks.exe' /create /RL LIMITED /sc minute /mo 30 /tn "\Microsoft\Windows\system\r" /tr "%APPDATA%\xserver\platforms.exe" /F
- '<SYSTEM32>\schtasks.exe' /create /RL LIMITED /sc minute /mo 10 /tn "\Microsoft\Windows\comhosts\runco" /tr "%APPDATA%\xserver\platforms.exe" /F