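Техническая информация
Ниже перечислены наблюдаемые индикаторы: записи реестра, обеспечивающие автозапуск Service3.exe (ключ Run и служба Service3 со значением Start = 2, то есть автоматический запуск), запускаемые процессы, включая blob.exe с параметрами подключения к пулу по протоколу stratum, и пути к связанным файлам.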
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Service3.exe' = 'C:\Documents and Settings\LocalService\Application Data\sys\Service3.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Service3.exe' = '%APPDATA%\sys\Service3.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Service3] 'ImagePath' = '"%APPDATA%\sys\Service3.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\Service3] 'Start' = '00000002'
- '%APPDATA%\sys\Service3.exe'
- '<SYSTEM32>\sc.exe' start "Service3"
- '<SYSTEM32>\cmd.exe' /c C:\Documents and Settings\LocalService\Application Data\sys\blob.exe -o stratum+tcp://pool.minexmr.com:4444,5555 -u 46P25kMYo1uQS6Xgx96xhuB13MGbt2btM76mkMVa1QVF2GeP5gsEUDebue5b6avAdzPF1D1LCY...
- '<SYSTEM32>\cmd.exe' /c %APPDATA%\sys\blob.exe -o stratum+tcp://pool.minexmr.com:4444,5555 -u 46P25kMYo1uQS6Xgx96xhuB13MGbt2btM76mkMVa1QVF2GeP5gsEUDebue5b6avAdzPF1D1LCYUG9YPkEBhsuJ5tLsVp1T4.E315CCCC19_3 -p x
- '<SYSTEM32>\cmd.exe' /c sc start "Service3"
- C:\SessionChange_13.11.2017 _ 09.29.18.log
- C:\Documents and Settings\LocalService\Application Data\sys\blob.exe
- C:\Documents and Settings\LocalService\Application Data\sys\Service3.exe
- C:\SessionChange_13.11.2017 _ 09.29.05.log
- %APPDATA%\sys\blob.exe
- %APPDATA%\sys\Service3.exe