Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'AntivirusltcUpddates' = '"%APPDATA%\fpool\fpool.exe"'
- '%APPDATA%\fpool\minerd.exe' --algo scrypt --s 6 --threads 2 --url http://fe#####pool.com:9999 --userpass happyworld3000.1:x
- '%APPDATA%\fpool\fpool.exe'
- '<SYSTEM32>\reg.exe' add HKCU\software\microsoft\windows\currentversion\run /v AntivirusltcUpddates /d "\"%APPDATA%\fpool\fpool.exe\"" /f
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\fpool\start.bat" "
- %APPDATA%\fpool\minerd.exe
- %APPDATA%\fpool\fpool.exe
- %APPDATA%\fpool\start.bat
- %APPDATA%\fpool\libcurl-4.dll
- %APPDATA%\fpool\pthreadGC2.dll
- 'fe###erpool.com':9999
- DNS ASK fe###erpool.com
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''