Техническая информация
- [<HKLM>\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] 'AGAOMGIOMGAOMGI' = '%TEMP%\system.exe'
- %WINDIR%\explorer.exe
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- %TEMP%\system.exe
- %TEMP%\system.exe
- 'xm#.###l.minergate.com':45700
- DNS ASK xm#.###l.minergate.com
- DNS ASK go.microsoft.com
- DNS ASK settings-win.data.microsoft.com
- DNS ASK share.microsoft.com
- ClassName: 'Registry Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- ClassName: '18467-41', WindowName: ''
- ClassName: 'File Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- ClassName: 'Process Monitor - Sysinternals: www.sysinternals.com', WindowName: ''
- '%TEMP%\system.exe' -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45700 -u happyhubertpvp@gmail.com -t 1
- '%TEMP%\system.exe' -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45700 -u happyhubertpvp@gmail.com -t 1 (со скрытым окном)
- '<SYSTEM32>\devicecensus.exe' UserCxt