Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\WinHttpAutoProxySupports] 'ImagePath' = '<SYSTEM32>\csrss.exc'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinHttpAutoProxySupports] 'Start' = '00000002'
- <Текущая директория>\monitor.exe
- <Текущая директория>\xmrig.exe
- <Текущая директория>\install.bat
- <SYSTEM32>\csrss.exc
- <SYSTEM32>\svchost.exc
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\install.bat" "
- '<SYSTEM32>\mshta.exe' vbscript:createobject("wscript.shell").run("""install.bat"" h",0)(window.close)
- '<SYSTEM32>\cmd.exe' /c ""<Текущая директория>\install.bat" h"
- '<SYSTEM32>\sc.exe' create WinHttpAutoProxySupports binPath= "<SYSTEM32>\csrss.exc"
- '<SYSTEM32>\sc.exe' config WinHttpAutoProxySupports start= AUTO
- '<SYSTEM32>\net.exe' start WinHttpAutoProxySupports
- '<SYSTEM32>\net1.exe' start WinHttpAutoProxySupports