Техническая информация
- Автозапуск (ключ Run текущего пользователя; указывает на svchost.exe вне системного каталога): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HbnzBskxWn' = '"<LS_APPDATA>\FUSCyzzwws\svchost.exe"'
- <SYSTEM32>\svchost.exe
- %TEMP%\RarSFX1\svchost.exe
- <LS_APPDATA>\FUSCyzzwws\svchost.exe
- %TEMP%\RarSFX0\tv.bat
- %TEMP%\RarSFX0\svchost.sfx.exe
- 'po##.#upportxmr.com':3333 (имя узла замаскировано; судя по командной строке ниже, это pool.supportxmr.com)
- DNS ASK po##.#upportxmr.com
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\RarSFX1\svchost.exe'
- '%TEMP%\RarSFX0\svchost.sfx.exe' -pabc123 -d%HOMEPATH%\Local Settings\Temp
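- '<SYSTEM32>\svchost.exe' -o pool.supportxmr.com:3333 -u 47MjFcH1J7hC9cUmR4L1aUJGKzcRfto6t8C9enzrzdpdEJrB4EdnrYm4QBAyrz5zRU7jLVJmDkah9MbpGfSNM5nsAo1Zf8p -p techworker:techypitbull@tutanota.com -v 0 -t 2 (по виду — параметры майнера Monero: -o адрес пула, -u кошелёк, -p пароль, -t число потоков; штатный svchost.exe с такими аргументами не запускается)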
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\tv.bat" "