Техническая информация
- '%APPDATA%\Roaming\WindowsHelp\shell.exe' -a sha256 -o stratum+tcp://stratum.bitcoin.cz:3333 -u syncrude.worker1 -p 8avHuCXw -t 0 -I 10
- '%APPDATA%\Roaming\WindowsHelp\macromedia.exe' -a scrypt -o http://19#.##1.176.12:8332 -u Kingz.2 -p x -g no -t 7
- '<SYSTEM32>\taskkill.exe' /f /im "macromedia.exe"
- '<SYSTEM32>\taskkill.exe' /im "shell.exe"
- '<SYSTEM32>\schtasks.exe' /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
- '<SYSTEM32>\taskkill.exe' /f /im "cscript.exe"
- '<SYSTEM32>\taskkill.exe' /im Shell.exe
- '<SYSTEM32>\taskkill.exe' /im macromedia.exe
- '<SYSTEM32>\PING.EXE' -n 5 127.0.0.1
- '<SYSTEM32>\cscript.exe' usft_ext.exe.vbs
- '<SYSTEM32>\taskkill.exe' /f /im "wscript.exe"
- '<SYSTEM32>\sc.exe' start w32time task_started
- '<SYSTEM32>\wscript.exe' puts.vbs
- '<SYSTEM32>\taskkill.exe' /im "Mousdurenekunox"
- '<SYSTEM32>\wsqmcons.exe'
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\sdclt.exe' /CONFIGNOTIFICATION
- '<SYSTEM32>\taskhost.exe' $(Arg0)
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part35
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part34
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part36
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part38
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part37
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part33
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part3
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part29
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part30
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part32
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part31
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part45
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part44
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part46
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part48
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part47
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part43
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part4
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part39
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part40
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part42
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part41
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part15
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part14
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part16
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part18
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part17
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part13
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part1
- %APPDATA%\Roaming\WindowsHelp\shel\compile.bat
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part10
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part12
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part11
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part25
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part24
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part26
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part28
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part27
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part23
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part2
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part19
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part20
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part22
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part21
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part49
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part76
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part75
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part77
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part79
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part78
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part74
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part70
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part7
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part71
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part73
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part72
- C:\ProgramData\Microsoft\RAC\Temp\sqlBC8A.tmp
- %APPDATA%\Roaming\WindowsHelp\usft_ext.exe.vbs
- C:\ProgramData\Microsoft\RAC\Temp\sqlBD08.tmp
- %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Minecraft.lnk
- %APPDATA%\Roaming\WindowsHelp\usft_ext.dll
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part80
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part8
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part81
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part9
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part82
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part56
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part55
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part57
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part59
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part58
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part54
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part50
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part5
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part51
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part53
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part52
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part66
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part65
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part67
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part69
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part68
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part64
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part60
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part6
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part61
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part63
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part62
- %APPDATA%\Roaming\WindowsHelp\puts.vbs
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part33
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part32
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part34
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part36
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part35
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part31
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part28
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part27
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part29
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part30
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part3
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part43
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part42
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part44
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part46
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part45
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part41
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part38
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part37
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part39
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part40
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part4
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part13
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part12
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part14
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part16
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part15
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part11
- %APPDATA%\Roaming\WindowsHelp\killer.bat
- %APPDATA%\Roaming\WindowsHelp\coinutil.dll
- %APPDATA%\Roaming\WindowsHelp\macro\compile.bat
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part10
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part1
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part23
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part22
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part24
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part26
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part25
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part21
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part18
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part17
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part19
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part20
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part2
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part47
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part74
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part73
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part75
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part77
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part76
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part72
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part69
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part68
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part7
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part71
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part70
- %APPDATA%\Roaming\WindowsHelp\miner.dll
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part9
- %APPDATA%\Roaming\WindowsHelp\openssl.dll
- %APPDATA%\Roaming\WindowsHelp\phatk.ptx
- %APPDATA%\Roaming\WindowsHelp\phatk.cl
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part82
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part79
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part78
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part8
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part81
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part80
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part54
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part53
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part55
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part57
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part56
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part52
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part49
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part48
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part5
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part51
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part50
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part64
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part63
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part65
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part67
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part66
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part62
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part59
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part58
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part6
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part61
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part60
- C:\ProgramData\Microsoft\RAC\Temp\sqlBC8A.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlBD08.tmp
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe_part1 в %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe
- %APPDATA%\Roaming\WindowsHelp\macro\macromedia.exe в %APPDATA%\Roaming\WindowsHelp\macromedia.exe
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe_part1 в %APPDATA%\Roaming\WindowsHelp\shel\shell.exe
- %APPDATA%\Roaming\WindowsHelp\shel\shell.exe в %APPDATA%\Roaming\WindowsHelp\shell.exe
- '19#.#41.176.12':8332
- 'st####m.bitcoin.cz':3333
- DNS ASK st####m.bitcoin.cz
- DNS ASK dn#.##ftncsi.com
- DNS ASK ti##.#indows.com
- 'ti##.#indows.com':123
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'