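Техническая информация
Ниже перечислены наблюдаемые артефакты образца: запись автозапуска в реестре, затронутые файлы, сетевые обращения и запускаемые процессы с их командными строками.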
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = '"%PROGRAMDATA%\miner.exe"'
- %TEMP%\aa2.tmp\i64.bat
- %TEMP%\aa2.tmp\miner.exe
- nul
- %PROGRAMDATA%\miner.exe
- %TEMP%\25db.tmp\miner.bat
- %TEMP%\25db.tmp\minerd.exe
- %TEMP%\25db.tmp\pthreadgc2.dll
- %TEMP%\25db.tmp\libcurl-4.dll
- %PROGRAMDATA%\miner.exe
- %TEMP%\25db.tmp\miner.bat
- %TEMP%\aa2.tmp\i64.bat
- 'li####inpool.org':9332
- DNS ASK li####inpool.org
- '%PROGRAMDATA%\miner.exe'
- '%TEMP%\25db.tmp\minerd.exe' --url http://li#####npool.org:9332/ --userpass Cabrera23.Pool:1
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\AA2.tmp\i64.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\25DB.tmp\miner.bat" "' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\AA2.tmp\i64.bat" "
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 5
- '<SYSTEM32>\reg.exe' ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /ve /t reg_sz /d "\"%PROGRAMDATA%\miner.exe\""
- '<SYSTEM32>\attrib.exe' +h +s "%PROGRAMDATA%\miner.exe"
- '<SYSTEM32>\tasklist.exe'
- '<SYSTEM32>\find.exe' /I "minerd"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\25DB.tmp\miner.bat" "