Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'CCleanerUpdateSetup' = '<SYSTEM32>\CCleanerSetup.exe'
- '%TEMP%\CCleanerSetup\setup.exe' --algo scrypt --url http://po##.###e-me-ltc.com:8080 --userpass voltage.CPUSlaves:123456 --threads 4 -s 3
- '<SYSTEM32>\CCleanerSetup.exe'
- %TEMP%\CCleanerSetup\pthreadGC2.dll
- %TEMP%\aut4.tmp
- %TEMP%\aut5.tmp
- %TEMP%\CCleanerSetup\setup.exe
- %TEMP%\CCleanerSetup\setup.bin
- %TEMP%\CCleanerSetup\libcurl-4.dll
- <SYSTEM32>\CCleanerSetup.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %TEMP%\sqpwmtz
- %TEMP%\aut4.tmp
- %TEMP%\aut5.tmp
- %TEMP%\CCleanerSetup\setup.bin
- %TEMP%\aut3.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\sqpwmtz
- 'po##.##ve-me-ltc.com':8080
- DNS ASK po##.##ve-me-ltc.com
- ClassName: 'Shell_TrayWnd' WindowName: ''