Техническая информация
- <SYSTEM32>\tasks\update service for windows service
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%TEMP%\WinRing0x64.sys'
- 'WinRing0_1_2_0' %TEMP%\WinRing0x64.sys
- '%TEMP%\sysupdate.exe'
- %TEMP%\sysupdate.exe
- %TEMP%\config.json
- http://95.##2.39.135/xmrig.exe
- http://95.##2.39.135/config.json
- '%TEMP%\sysupdate.exe' (со скрытым окном)
- '<SYSTEM32>\xcopy.exe' /y %TEMP%\update.ps1 %HOMEPATH%\update.ps1
- '<SYSTEM32>\schtasks.exe' /Create /SC MINUTE /TN "Update service for Windows Service" /TR "PowerShell.exe -ExecutionPolicy bypass -windowstyle hidden -File %HOMEPATH%\update.ps1" /MO 30 /F