Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Framework' = '<SYSTEM32>\svhst.exe'
- '%HOMEPATH%\My Documents\Windows\winsvhst.exe' -t 2 -o http://el###########assword@pool.bitclockers.com:8332
- '<SYSTEM32>\svhst.exe'
- '%HOMEPATH%\My Documents\Windows\winsvhst.exe' (загружен из сети Интернет)
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\phatk[1].txt
- %HOMEPATH%\My Documents\Windows\usft_ext.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\usft_ext[1].txt
- %HOMEPATH%\My Documents\Windows\phatk.cl
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\phatk[1].cl
- %HOMEPATH%\My Documents\Windows\phatk.ptx
- %HOMEPATH%\My Documents\Windows\winsvhst.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\main[1].txt
- <SYSTEM32>\svhst.exe
- %HOMEPATH%\My Documents\Windows\miner.dll
- %HOMEPATH%\My Documents\Windows\tmp.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\m[1].txt
- '14#.0.36.38':80
- 'localhost':1036
- 14#.0.36.38/u/phatk.txt
- 14#.0.36.38/u/phatk.cl
- 14#.0.36.38/u/usft_ext.txt
- 14#.0.36.38/u/main.txt
- 14#.0.36.38/u/m.txt
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'