Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\xmedeg] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\xmedeg] 'ImagePath' = '%WINDIR%\debug\lsass.exe'
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%WINDIR%\debug\WinRing0x64.sys'
- 'xmedeg' %WINDIR%\debug\lsass.exe
- 'WinRing0_1_2_0' %WINDIR%\debug\WinRing0x64.sys
- %WINDIR%\debug\start.bat
- %WINDIR%\debug\svchost.exe
- %WINDIR%\debug\winring0x64.sys
- %WINDIR%\debug\config.json
- %WINDIR%\debug\lsass.exe
- %WINDIR%\debug\lsass.exe
- %WINDIR%\debug\svchost.exe
- 'po##.#upportxmr.com':443
- 'po##.#upportxmr.com':443
- DNS ASK po##.#upportxmr.com
- 'localhost':53864
- 'localhost':63446
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\debug\lsass.exe' install xmedeg %WINDIR%\debug\svchost.exe
- '%WINDIR%\debug\lsass.exe' start xmedeg
- '%WINDIR%\debug\lsass.exe'
- '%WINDIR%\debug\svchost.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\debug\start.bat" "
- '%WINDIR%\syswow64\attrib.exe' +s +a +h +r *.exe
- '%WINDIR%\syswow64\attrib.exe' +s +a +h +r *.config