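Техническая информация
Ниже перечислены индикаторы без подзаголовков разделов: записи автозапуска в реестре, пути к файлам, DNS-запросы (часть символов в доменных именах заменена на #) и, по-видимому, командные строки запущенных процессов.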
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Services.exe' = '%TEMP%\Services.exe'
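- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Services.exe' = '"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Services.exe"'
  Примечание: обе записи автозапуска используют имя Services.exe, совпадающее с именем системного процесса services.exe, но указывают на %TEMP% и папку автозагрузки пользователя; штатный services.exe находится только в каталоге System32, поэтому такое расположение файла само по себе служит признаком для обнаружения.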
- %APPDATA%\microsoft\windows\start menu\programs\startup\services.exe
- <SYSTEM32>\svchost.exe
- %TEMP%\services.exe
- %TEMP%\tempservices.exe
- %TEMP%\tempservices.exe
- DNS ASK po##.#upportxmr.com
- DNS ASK ra#.####ubusercontent.com
- DNS ASK te#######are-48167.portmap.io
- '%TEMP%\services.exe'
- '%TEMP%\tempservices.exe'
- '%APPDATA%\microsoft\windows\start menu\programs\startup\services.exe'
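- '<SYSTEM32>\svchost.exe' -B --donate-level=5 -a cryptonight --url=pool.supportxmr.com:3333 -u 46NXHc3n19Gh2PkPBdravVJJDBdGeuksyZrqngdBEMrrQH44C8UobGQgPsNHHybx8tXdL36C7srvu542WtuXr9VmHNcXbvY -p test -R --variant=-1 --ma...
  Примечание: системный svchost.exe запускается здесь с параметрами, характерными для майнера криптовалюты (алгоритм cryptonight, пул pool.supportxmr.com:3333, что соответствует замаскированному DNS-запросу po##.#upportxmr.com выше). Штатные экземпляры svchost.exe запускаются с параметром -k, поэтому такая командная строка, как и исходящие соединения svchost.exe с майнинг-пулом, — надёжный признак для обнаружения.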