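Техническая информация
Ниже приведены командные строки, пути к файлам и параметры окна (ClassName/WindowName), относящиеся к описываемому образцу; подзаголовки, поясняющие роль каждой записи, в этом фрагменте отсутствуют.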
- '%WINDIR%\syswow64\taskkill.exe' /im "icacls.exe" /F
- '%WINDIR%\syswow64\taskkill.exe' /im "Taskmg.exe" /F
- %TEMP%\ixp000.tmp\loadhost.cmd
- nul
- %TEMP%\ixp000.tmp\loadhost.cmd
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c "loadhost.cmd" (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c "loadhost.cmd"
- '%WINDIR%\syswow64\attrib.exe' -h -r -s "%ALLUSERSPROFILE%\xmrig.cmd"
- '%WINDIR%\syswow64\choice.exe' /n /c yn /t 1 /d y
- '%WINDIR%\syswow64\attrib.exe' -h -r -s "%ALLUSERSPROFILE%\xmrigg.cmd"
- '%WINDIR%\syswow64\attrib.exe' +h +r +s "%ALLUSERSPROFILE%\xmrigg.cmd"