Техническая информация
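Закрепление в системе (автозапуск): значения в ключе реестра Run и копия файла в папке автозагрузки. Имя Services.exe имитирует системный services.exe, который штатно находится в <SYSTEM32>, а не в %APPDATA%.
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Services.exe' = '%APPDATA%\Services.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Services.exe' = '"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Services.exe"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\services.exe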
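- <SYSTEM32>\svchost.exe (системный процесс; судя по командной строке в конце списка, под его именем работает майнер — предположительно за счёт внедрения кода в процесс)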
- %APPDATA%\services.exe
- %APPDATA%\tempservices.exe
- %APPDATA%\tempservices.exe
Сетевая активность (часть символов в именах узлов замаскирована знаками #):
- 'te#######are-48167.portmap.io':48167
- DNS ASK gu##.##neroocean.stream
- DNS ASK ra#.####ubusercontent.com
- DNS ASK te#######are-48167.portmap.io
- '%APPDATA%\services.exe'
- '%APPDATA%\tempservices.exe'
- '%APPDATA%\microsoft\windows\start menu\programs\startup\services.exe'
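- '<SYSTEM32>\svchost.exe' -B --donate-level=5 -a cryptonight --url=gulf.moneroocean.stream:80 -u 44xqcr2bjhwRQhiTSkoUhRhCtkMLBZ4ft1wGABU4MbQXiKyGnscafxfXtcXUE6KndcPqdUsEFMt6PVPydwD51f3URMK6M1t -p ZmVyZGkxMjM= -R --varia...
Примечание: командная строка в отчёте обрезана («...»). Параметры -a cryptonight, --url с адресом пула и --donate-level характерны для майнера криптовалюты. Штатный svchost.exe запускается с параметром -k <группа служб>, поэтому такие аргументы у процесса svchost.exe — удобный признак для обнаружения.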