Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'system' = '"%APPDATA%\system\systemservice.exe" '
- system.exe
- %APPDATA%\system\libcurl-4.dll
- %APPDATA%\system\libeay32.dll
- %APPDATA%\system\libidn-11.dll
- %APPDATA%\system\librtmp.dll
- %APPDATA%\system\libssh2.dll
- %APPDATA%\system\ssleay32.dll
- %APPDATA%\system\zlib1.dll
- %APPDATA%\system\diablo130302.cl
- %APPDATA%\system\diakgcn121016.cl
- %APPDATA%\system\phatk121016.cl
- %APPDATA%\system\poclbm130302.cl
- %APPDATA%\system\scrypt130511.cl
- %APPDATA%\system\opencl.dll
- %APPDATA%\system\system.exe
- %APPDATA%\system\libwinpthread-1.dll
- %APPDATA%\system\systemservice.exe
- http://li#####npool.org:3333/ via li####inpool.org
- DNS ASK li####inpool.org
- '%APPDATA%\system\system.exe' -o litecoinpool.org:3333 -u natsudragneel.1 -p 1
- '%APPDATA%\system\system.exe' --scrypt -o litecoinpool.org:3333 -u natsudragneel.1 -p 1
- '%APPDATA%\system\system.exe' -o litecoinpool.org:3333 -u natsudragneel.1 -p 1 (with hidden window)
- '%APPDATA%\system\system.exe' --scrypt -o litecoinpool.org:3333 -u natsudragneel.1 -p 1 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe'