Техническая информация
Автозагрузка (закрепление в системе через ключ Run и папку Startup):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'l' = '"%APPDATA%\9 9\l3.lnk"'
- %HOMEPATH%\Start Menu\Programs\Startup\cwwer.lnk
Запускаемые процессы (исполняемый файл майнера назван svchost.exe, но запускается из %APPDATA%, а не из <SYSTEM32> — по пути к образу его можно отличить от системного процесса):
- '%APPDATA%\9 9\svchost.exe' "-o" "http://eu.#####emining.com:8344" "-u" "Pl0xd_worker1" "-p" "workerpass1"
- '%APPDATA%\9 9\j.exe' "%APPDATA%\9 9\svchost.exe" -o http://eu.#####emining.com:8344 -u Pl0xd_worker1 -p workerpass1
- '<SYSTEM32>\reg.exe' add HKLM\software\microsoft\windows\currentversion\run /v l /d "\"%APPDATA%\9 9\l3.lnk\"" /f
- '<SYSTEM32>\taskkill.exe' /im svchost.exe
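Файлы в каталоге %APPDATA%\9 9 (судя по именам, вместе с образцом размещается комплект майнера cgminer):
- %APPDATA%\9 9\OpenCL.dll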
- %APPDATA%\9 9\phatk120213.cl
- %APPDATA%\9 9\NEWS.txt
- %APPDATA%\9 9\linux-usb-cgminer.txt
- %APPDATA%\9 9\miner.php
- %APPDATA%\9 9\poclbm120214.cl
- %APPDATA%\9 9\svchost.exe
- %APPDATA%\9 9\tk.lnk
- %APPDATA%\9 9\README.txt
- %APPDATA%\9 9\pthreadGC2.dll
- %APPDATA%\9 9\r.lnk
- %APPDATA%\9 9\libpdcurses.dll
- %APPDATA%\9 9\API.java
- %APPDATA%\9 9\AUTHORS.txt
- %APPDATA%\9 9\API.class
- %APPDATA%\9 9\api-example.c
- %APPDATA%\9 9\api-example.php
- %APPDATA%\9 9\ChangeLog.txt
- %APPDATA%\9 9\l3.lnk
- %APPDATA%\9 9\libcurl-4.dll
- %APPDATA%\9 9\j.exe
- %APPDATA%\9 9\COPYING.txt
- %APPDATA%\9 9\example.conf
Сетевая активность (имя узла в источнике частично скрыто символами #):
- 'eu.###plemining.com':8344
- DNS ASK eu.###plemining.com
Окна, к которым обращается образец (предположительно поиск по имени класса и заголовку):
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'