Техническая информация
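Запускаемые команды (принудительно завершают процессы защитных средств и Диспетчера задач — в том числе MsMpEng.exe, msseces.exe, mbam.exe, mbamgui.exe, taskmgr.exe — и добавляют C:\Users\Public\sxmxss.exe в автозапуск через параметр LocalSys ключа HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run):
- '<SYSTEM32>\cmd.exe' /c C:\mkxxxxosrw.bat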
- '<SYSTEM32>\tskill.exe' /A sxmxss
- '<SYSTEM32>\taskkill.exe' /f /im MsMpEng.exe
- '<SYSTEM32>\tskill.exe' /A MsMpEng.exe
- '<SYSTEM32>\taskkill.exe' /f /im coin-miner.exe
- '<SYSTEM32>\reg.exe' add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v LocalSys /d C:\Users\Public\sxmxss.exe /f
- '<SYSTEM32>\taskkill.exe' /f /im sxmxss.exe
- '<SYSTEM32>\tskill.exe' /A coin-miner
- '<SYSTEM32>\taskkill.exe' /f /im mbam.exe
- '<SYSTEM32>\tskill.exe' /A mbam
- '<SYSTEM32>\taskkill.exe' /f /im taskmgr.exe
- '<SYSTEM32>\tskill.exe' /A taskmgr
- '<SYSTEM32>\taskkill.exe' /f /im msseces.exe
- '<SYSTEM32>\tskill.exe' /A msseces
- '<SYSTEM32>\taskkill.exe' /f /im mbamgui.exe
- '<SYSTEM32>\tskill.exe' /A mbamgui
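Обращения к окнам по имени класса (перечисленные классы принадлежат утилитам мониторинга Sysinternals — Process Monitor, RegMon и FileMon; по-видимому, образец проверяет, запущены ли средства анализа):
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''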
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
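Файловые объекты, фигурирующие в отчёте:
- C:\Users\Public\sxmxss.exe
- C:\Users\Public\instzlzNBxzcm.txt
- %ALLUSERSPROFILE%\Application Data\TEMP:D56FBB0B (запись с двоеточием обозначает альтернативный поток данных NTFS с именем D56FBB0B у объекта TEMP; в обычном списке файлов он не отображается, виден, например, через `dir /r`)
- C:\mkxxxxosrw.bat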
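Сетевая активность (символы #### в имени узла, по-видимому, скрыты в самом отчёте; no-ip.org — служба динамического DNS, порт 21 обычно соответствует FTP):
- '1j####.no-ip.org':21
- 'localhost':1036
- DNS ASK 1j####.no-ip.org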
- ClassName: '' WindowName: ''