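Техническая информация
Ниже перечислены наблюдаемые индикаторы: запись автозапуска в ветке реестра Run, процессы с командной строкой, пути к файлам на диске, сетевые адреса и загружаемые с них файлы, а также класс окна. Заголовки подразделов в этом тексте отсутствуют, поэтому назначение отдельных групп строк (например, создан файл или удалён) по списку однозначно не определяется. Символы «#» в адресах — маскировка, присутствующая в самом источнике.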
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows NT Login Application' = '%APPDATA%\winlogons.exe'
- '%APPDATA%\bits\minerd.exe' --algo scrypt -q --scantime 4 --threads 1 --retries 1000 --url http://po##.###e-me-ltc.com:8080 --userpass nigg.1:x
- '%APPDATA%\winlogons.exe'
- '%APPDATA%\bits\minerd.exe' (загружен из сети Интернет)
- %APPDATA%\bits\libcurl-4.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pthreadGC2[1].dll
- %APPDATA%\bits\pthreadGC2.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\libcurl-4[1].dll
- %APPDATA%\winlogons.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\minerd[1].exe
- %APPDATA%\bits\minerd.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\pthreadGC2[1].dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\libcurl-4[1].dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\minerd[1].exe
- '93.##4.93.98':80
- 93.##4.93.98/pthreadGC2.dll
- 93.##4.93.98/libcurl-4.dll
- 93.##4.93.98/minerd.exe
- ClassName: 'Indicator' WindowName: ''