Техническая информация
Автозапуск (значение 'Load' в ключе Run текущего пользователя):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Load' = '%APPDATA%\Roaming\msupd.exe'
Запуск процессов (командные строки):
- '%APPDATA%\Roaming\cgminer.exe' --scrypt -o stratum+tcp://doge.cryptoculture.net:22555 -u Yassinb1.Yassinb1 -p Complex123 -I 13
- '%APPDATA%\Roaming\minerd.exe' -o stratum+tcp://doge.cryptoculture.net:22555 -u Yassinb1.Yassinb1 -p Complex123
- '%TEMP%\msupd.exe'
- '%TEMP%\miner.exe' -pqwerty
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ /f /v Load /t REG_SZ /d %APPDATA%\Roaming\msupd.exe
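Файлы (подзаголовки исходного отчёта не сохранились; пути, указанные дважды, вероятно, относятся к разным операциям, например созданию и удалению):
- %APPDATA%\Roaming\phatk121016.cl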
- %APPDATA%\Roaming\minerd.exe
- %APPDATA%\Roaming\libcurl-4.dll
- %APPDATA%\Roaming\poclbm130302.cl
- %APPDATA%\Roaming\zlib1.dll
- %APPDATA%\Roaming\scrypt130511.cl
- %APPDATA%\Roaming\pthreadGC2.dll
- %APPDATA%\Roaming\cgminer.exe
- %TEMP%\aut3208.tmp
- %TEMP%\msupd.exe
- %TEMP%\aut2B92.tmp
- %TEMP%\res.ico
- %APPDATA%\Roaming\msupd.exe
- %TEMP%\miner.exe
- %TEMP%\res.ico2
- %TEMP%\aut3208.tmp
- %TEMP%\aut2B92.tmp
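Сетевая активность (имена узлов частично замаскированы символом '#'; порт 22555 совпадает с портом пула в командных строках майнеров выше):
- 'do##.##yptoculture.net':22555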
- DNS ASK dn#.##ftncsi.com
- DNS ASK do##.##yptoculture.net
Окна (класс и заголовок):
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'