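Техническая информация (наблюдаемое поведение образца: автозапуск через реестр, запускаемые процессы, файловая и сетевая активность)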
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'taskmanager' = '%APPDATA%\Roaming\viKgs\ltc.exe'
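- '%APPDATA%\Roaming\viKgs\taskmanager.exe' -o hobbleminer.zapto.org:8332 -O Gpu:x (по-видимому, это переименованный minerd.exe из списка загрузок ниже: в cpuminer ключ -o задаёт адрес пула, а -O — пару «логин:пароль»)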
- '%APPDATA%\Roaming\viKgs\taskmanager.exe' (загружен из сети Интернет)
- '<SYSTEM32>\wsqmcons.exe'
- '<SYSTEM32>\rundll32.exe' dfdts.dll,DfdGetDefaultPolicyAndSMART
- '<SYSTEM32>\schtasks.exe' /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
- '<SYSTEM32>\sc.exe' start w32time task_started
- '<SYSTEM32>\sdclt.exe' /CONFIGNOTIFICATION
- '<SYSTEM32>\taskhost.exe' $(Arg0)
- %APPDATA%\Roaming\viKgs\ltc.exe
- C:\ProgramData\Microsoft\RAC\Temp\sqlD393.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlD4BD.tmp
- %APPDATA%\Roaming\viKgs\taskmanager.exe
- %APPDATA%\Roaming\viKgs\libcurl-4.dll
- %APPDATA%\Roaming\viKgs\pthreadGC2.dll
- C:\ProgramData\Microsoft\RAC\Temp\sqlD393.tmp
- C:\ProgramData\Microsoft\RAC\Temp\sqlD4BD.tmp
- 'in###ious.pw':80
- in###ious.pw/ltcfiles/pthreadGC2.dll
- in###ious.pw/ltcfiles/libcurl-4.dll
- in###ious.pw/ltcfiles/minerd.exe
- DNS ASK ti##.#indows.com
- DNS ASK in###ious.pw
- 'ti##.#indows.com':123
- ClassName: 'Indicator' WindowName: '(null)'