Техническая информация
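Автозапуск (параметр IntelUpdate в ключе Run текущего пользователя; ту же запись создаёт команда reg.exe, приведённая ниже):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'IntelUpdate' = 'C:\ProgramData\Intel\IntelUpdate\rundll32.lnk'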
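Командные строки процессов (rundll32.exe здесь расположен в C:\ProgramData\Intel\IntelUpdate, а не в <SYSTEM32>, то есть лишь носит имя системной утилиты; параметры -o, -u, -p и -t, судя по всему, задают адрес пула, учётные данные и число потоков майнера):
- 'C:\ProgramData\Intel\IntelUpdate\rundll32.exe' -a 15 -g no -o http://eu.#####emining.com:8344 -u andrijav_andrija -p 31101991 -t 2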
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\Intel\IntelUpdate\asf.bat" "
- '<SYSTEM32>\reg.exe' add HKCU\software\microsoft\windows\currentversion\run /v IntelUpdate /d "C:\ProgramData\Intel\IntelUpdate\rundll32.lnk" /f
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Intel\IntelUpdate\rundll32.vbs"
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Intel\IntelUpdate\interop.vbs"
Файлы в каталоге C:\ProgramData\Intel\IntelUpdate:
- C:\ProgramData\Intel\IntelUpdate\rundll32.lnk
- C:\ProgramData\Intel\IntelUpdate\rundll32.exe
- C:\ProgramData\Intel\IntelUpdate\usft_ext.dll
- C:\ProgramData\Intel\IntelUpdate\rundll32.vbs
- C:\ProgramData\Intel\IntelUpdate\miner.dll
- C:\ProgramData\Intel\IntelUpdate\coinutil.dll
- C:\ProgramData\Intel\IntelUpdate\asf.bat
- C:\ProgramData\Intel\IntelUpdate\interop.vbs
- C:\ProgramData\Intel\IntelUpdate\interop.coineng.dll
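Сетевая активность (имя домена частично скрыто символами # в самом источнике; в командной строке выше, по-видимому, тот же адрес скрыт иначе):
- 'eu.###plemining.com':8344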
- DNS ASK eu.###plemining.com
Окна (имя класса и заголовок окна):
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''