Техническая информация
- %HOMEPATH%\Start Menu\Programs\Startup\Runme.vbs.lnk
- '%APPDATA%\svchost.exe' -o http://Ze###########made:1231@eu.triplemining.com:8344 -g no -t 2 -T 55
- '%APPDATA%\svchost.exe' -o http://ne############:password1@eu1.triplemining.com:8344 -i 2 -t 2 -T 55
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Runme.vbs"
- %APPDATA%\btc.il
- %APPDATA%\coinutil.dll
- %APPDATA%\svchost.exe
- %APPDATA%\phatk.cl
- %APPDATA%\usft_ext.dll
- %APPDATA%\miner.dll
- %APPDATA%\phatk.ptx
- %APPDATA%\Runme.vbs
- 'eu.###plemining.com':8344
- DNS ASK eu.###plemining.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'