Technical information
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%APPDATA%\Google\Libs\WR64.sys'
- 'WinRing0_1_2_0' %APPDATA%\Google\Libs\WR64.sys
- <SYSTEM32>\svchost.exe
- %APPDATA%\google\libs\wr64.sys
- 'xm#.#miners.com':12222
- 'mi#####ftrpgserver.com':443
- http://mi######trpgserver.com:443/api/endpoint.php via mi#####ftrpgserver.com
- 'xm#.#miners.com':12222
- DNS ASK xm#.#miners.com
- DNS ASK mi#####ftrpgserver.com
- '<SYSTEM32>\svchost.exe' gifqwckhybtlvz1 6E3sjfZq2rJQaxvLPmXgsA4f0StS9pic9Xw++oZ1mnbMNdSoXP4ts/KtNDhUPQkUfZN9DuEgllx4nisTvbxFunMfE63/wfj9DRS/1bpX0+vNWJvaIiD6hTmGpemnPPBdDKqYHBh/pWK88wRs78vgTeb1gji7xqOFjJHivBgpWaGKsjhV0...