Техническая информация
- Запись автозапуска в реестре (ключ policies\Explorer\Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'CCleanerSetupFinish' = '<SYSTEM32>\CCleanerSetup.exe'
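- Командная строка запуска (судя по параметрам --algo scrypt, --url, --userpass и --threads, это майнер, подключающийся к пулу): '%TEMP%\tmlvrivoyy\setup.exe' --algo scrypt --url http://eu#####.#ive-me-ltc.com:8080 --userpass voltage.71:123456 --threads 4 -s 3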
- '<SYSTEM32>\CCleanerSetup.exe'
- %TEMP%\tmlvrivoyy\pthreadGC2.dll
- %TEMP%\aut5.tmp
- %TEMP%\tmlvrivoyy\libcurl-4.dll
- %TEMP%\tmlvrivoyy\setup.exe
- %TEMP%\tmlvrivoyy\setup.bin
- %TEMP%\aut6.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut2.tmp
- %TEMP%\shgknlk
- %TEMP%\aut1.tmp
- %TEMP%\lhqtmss
- %TEMP%\aut3.tmp
- <SYSTEM32>\CCleanerSetup.exe
- %TEMP%\aut5.tmp
- %TEMP%\aut4.tmp
- %TEMP%\tmlvrivoyy\setup.bin
- %TEMP%\aut6.tmp
- %TEMP%\lhqtmss
- %TEMP%\shgknlk
- %TEMP%\aut1.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp
- Сетевое подключение (узел и порт): 'eu#####.give-me-ltc.com':8080
- DNS-запрос (DNS ASK): eu#####.give-me-ltc.com
- ClassName: 'Shell_TrayWnd' WindowName: ''