Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%HOMEPATH%\My Documents\Windows\svchost.exe'
- %HOMEPATH%\My Documents\Windows\winsvchost.exe -t 1 -o http://m.#############l.com_vital:asd123@pit.deepbit.net:8332
- %HOMEPATH%\My Documents\Windows\svchost.exe
- %HOMEPATH%\My Documents\Windows\winsvchost.exe (загружен из сети Интернет)
- %HOMEPATH%\My Documents\Windows\usft_ext.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\usft_ext[1].txt
- %HOMEPATH%\My Documents\Windows\phatk.ptx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\phatk[1].txt
- %HOMEPATH%\My Documents\Windows\miner.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\main[1].txt
- %HOMEPATH%\My Documents\Windows\svchost.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\miner[1].txt
- %HOMEPATH%\My Documents\Windows\winsvchost.exe
- '37.##1.160.56':80
- 'localhost':1036
- 37.##1.160.56/u/usft_ext.txt
- 37.##1.160.56/u/phatk.txt
- 37.##1.160.56/u/main.txt
- 37.##1.160.56/u/miner.txt
- ClassName: 'Indicator' WindowName: ''