Tool.BtcMine.1234

Техническая информация

Для обеспечения автозапуска и распространения

Создает или изменяет следующие файлы

%APPDATA%\microsoft\windows\start menu\programs\startup\intelcore.lnk
%APPDATA%\microsoft\windows\start menu\programs\startup\autorun.lnk

Устанавливает следующие настройки сервисов

[HKLM\System\CurrentControlSet\Services\360netmon] 'Start' = '00000001'
[HKLM\System\CurrentControlSet\Services\360netmon] 'ImagePath' = '<DRIVERS>\360netmon.sys'
[HKLM\System\CurrentControlSet\Services\360netmon] 'ImagePath' = 'system32\DRIVERS\360netmon.sys'

Создает следующие сервисы

'360netmon' <DRIVERS>\360netmon.sys

Изменения в файловой системе

Создает следующие файлы

C:\system\autorun.bat
C:\system\360safe\netmon\sysoptm.dll
C:\system\360safe\netmon\support.dat
C:\system\360safe\netmon\perfoptms.dat
C:\system\360safe\netmon\perffp.dat
C:\system\360safe\netmon\perfcloud.dat
C:\system\360safe\netmon\p2spacc.dll
C:\system\360safe\netmon\nmver.dll
C:\system\360safe\netmon\config\themes\xiyangyang2\skin.lwx
C:\system\360safe\netmon\nmjoin.dll
C:\system\360safe\netmon\netspeedtmp.npl
C:\system\360safe\netmon\netspeed.npl
C:\system\360safe\netmon\netspeed.dll
C:\system\360safe\netmon\netmwndctrl.dat
C:\system\360safe\netmon\netmstart.dll
C:\system\360safe\netmon\netmskin.exe
C:\system\360safe\netmon\netmpoptm.dll
C:\system\360safe\netmon\sysmon.dll
C:\system\360safe\netmon\useroptm2.ini
C:\system\360safe\safemon\netmon.tpi
C:\system\360safe\netmon\netmpflux.dll
C:\system\360safe\netmon\videoacclist.dat
C:\system\360safe\safemon\netm.tpi
C:\system\360safe\safemon\dstpi.tpi
C:\system\360safe\safemon\360udiskguard64.dll
C:\system\360safe\safemon\360udiskguard.exe
C:\system\360safe\safemon\360udiskguard.dll
C:\system\360safe\safemon\360uac.dat
C:\system\360safe\safemon\360traymenu.dll
C:\system\360safe\safemon\360trayhangdmp.dmp
C:\system\360safe\safemon\360tray.exe
C:\system\360safe\safemon\360compro.dll
C:\system\360safe\safemon\360bsmon.tpi
C:\system\360safe\pdown.dll
C:\system\360safe\netmon\wifiprotect.dll
C:\system\360safe\netmon\wifi\wifihelper.exe
C:\system\360safe\netmon\widef.dat
C:\system\360safe\netmon\wcntvlive212.dll
C:\system\360safe\netmon\netmpgame.dll
C:\system\360safe\netmon\netspeedtipflag.dat
C:\system\360safe\netmon\netmpclean.dll
C:\system\360safe\netmon\netmonwifi.npk
C:\system\360safe\safemon\obtracer.tpi
C:\system\360safe\netmon\config\circledock\v1\icon4.png
C:\system\360safe\netmon\config\circledock\v1\shadow.png
C:\system\360safe\netmon\config\circledock\v1\round.png
C:\system\360safe\netmon\config\circledock\v1\point.png
C:\system\360safe\netmon\config\circledock\v1\icon9.png
C:\system\360safe\netmon\config\circledock\v1\icon8.png
C:\system\360safe\netmon\config\circledock\v1\icon7.png
C:\system\360safe\netmon\config\circledock\v1\icon6.png
C:\system\360safe\netmon\config\circledock\v1\icon3.png
C:\system\360safe\netmon\config\circledock\v1\tips.png
C:\system\360safe\netmon\config\circledock\v1\icon2.png
C:\system\360safe\netmon\config\circledock\v1\icon1.png
C:\system\360safe\netmon\config\circledock\v1\hoverbg.png
C:\system\360safe\netmon\config\circledock\v1\closebtn.png
C:\system\360safe\netmon\config\circledock\v1\btn9.png
C:\system\360safe\netmon\config\circledock\v1\btn8.png
C:\system\360safe\netmon\config\netman\netman.ui
C:\system\360safe\netmon\config\circledock\v1\btn6.png
C:\system\360safe\netmon\gameidentify.dat
C:\system\360safe\netmon\koolivemod.dll
C:\system\360safe\netmon\netmonsysexamconfig.xml
C:\system\360safe\netmon\config\circledock\v1\skin.xml
C:\system\360safe\netmon\netmonep.dll
C:\system\360safe\netmon\netmlogin.dll
C:\system\360safe\netmon\netmgameicon.dat
C:\system\360safe\netmon\netgm.dll
C:\system\360safe\netmon\netdrv\x64\360netmon_x64.sys
C:\system\360safe\netmon\netdrv\wfp\360netmon_x64_wfp.sys
C:\system\360safe\netmon\netdrv\wfp\360netmon_wfp.sys
C:\system\360safe\netmon\netdrv\60\360netmon_60.sys
C:\system\360safe\netmon\netdrv\50\360netmon_50.sys
C:\system\360safe\netmon\mobileflux.dll
C:\system\360safe\netmon\luckybag\res\tips.png
C:\system\360safe\netmon\luckybag\res\config.xml
C:\system\360safe\netmon\luckybag\res\btn.png
C:\system\360safe\netmon\luckybag\res\animate.png
C:\system\360safe\netmon\lmtps.dat
C:\system\360safe\netmon\gameidentify_inc.dat
C:\system\360safe\netmon\config\circledock\v1\btn7.png
C:\system\360safe\safemon\param.ini
C:\system\xmr\hide_run.vbs
%TEMP%\_mei2482\api-ms-win-core-synch-l1-2-0.dll
%TEMP%\_mei2482\api-ms-win-core-synch-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-string-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-rtlsupport-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-profile-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-processthreads-l1-1-1.dll
%TEMP%\_mei2482\api-ms-win-core-processthreads-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-timezone-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-sysinfo-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-memory-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-localization-l1-2-0.dll
%TEMP%\_mei2482\api-ms-win-core-libraryloader-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-interlocked-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-heap-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-handle-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-file-l2-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-processenvironment-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-errorhandling-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-util-l1-1-0.dll
%TEMP%\_mei2482\ucrtbase.dll
%TEMP%\_mei2482\select.pyd
%TEMP%\_mei2482\python36.dll
%TEMP%\_mei2482\pyexpat.pyd
%TEMP%\_mei2482\intelcore.exe.manifest
%TEMP%\_mei2482\api-ms-win-crt-utility-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-crt-time-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-crt-string-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-crt-stdio-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-crt-runtime-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-crt-process-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-crt-math-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-crt-locale-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-crt-heap-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-crt-filesystem-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-crt-environment-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-crt-convert-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-file-l1-2-0.dll
%TEMP%\_mei2482\api-ms-win-core-namedpipe-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-file-l1-1-0.dll
%TEMP%\_mei2482\api-ms-win-core-debug-l1-1-0.dll
C:\system\360safe\ipc\monstate.dat
C:\system\360safe\sites.dll
C:\system\xmr\config.txt
C:\system\xmr\autorun.exe
C:\system\everything\everything.lng
C:\system\everything\everything.ini
C:\system\everything\everything.exe
C:\system\360safe\utils\winsocklspifsl.reg
C:\system\360safe\utils\winsocklsp.reg
C:\system\360safe\utils\siteuiproxy.dll
C:\system\360safe\utils\shell360ext64.dll
C:\system\360safe\utils\shell360ext.dll
C:\system\360safe\utils\recoverydata.dll
C:\system\360safe\utils\recovery360.exe
C:\system\360safe\utils\lspfix.exe
C:\system\360safe\utils\filesmasher.exe
C:\system\360safe\utils\filelog.log
C:\system\360safe\utils\360udiskcheck.exe
C:\system\xmr\cpu.txt
C:\system\360safe\utils\360dnsopt.exe
C:\system\xmr\libeay32.dll
C:\system\xmr\opencl.dll
C:\system\xmr\ssleay32.dll
%TEMP%\_mei2482\api-ms-win-core-console-l1-1-0.dll
%TEMP%\_mei2482\_ssl.pyd
%TEMP%\_mei2482\_socket.pyd
%TEMP%\_mei2482\_lzma.pyd
%TEMP%\_mei2482\_hashlib.pyd
%TEMP%\_mei2482\_bz2.pyd
%TEMP%\_mei2482\vcruntime140.dll
<DRIVERS>\360netmon.sys
%APPDATA%\360safe\loginfo\new360_tmp_1737746105_2944.log2
nul
%ALLUSERSPROFILE%\╫└├Вµ
C:\system\add_autorun.bat
C:\system\360tray.exe.lnk
C:\system\xmr\xmrstak_opencl_backend.dll
C:\system\xmr\xmrstak_cuda_backend.dll
C:\system\xmr\xmr-stak.exe
%TEMP%\_mei2482\api-ms-win-core-datetime-l1-1-0.dll
C:\system\360safe\netmon\config\circledock\v1\btn4.png
C:\system\360safe\netmon\config\circledock\v1\btn3.png
C:\system\360safe\netmon\config\circledock\v1\btn2.png
C:\system\360safe\config\newui\themes\default\examineuiconfig10.xml
C:\system\360safe\config\newui\themes\default\default_theme.ui
C:\system\360safe\config\newui\themes\default\defaultsoft_theme.xml
C:\system\360safe\config\newui\themes\default\common_font\font_theme.ui
C:\system\360safe\config\newui\themes\default\cleansoft\cleansoft_theme.ui
C:\system\360safe\config\newui\themes\default\checkautorun\checkautorun_theme.ui
C:\system\360safe\config\newui\themes\default\okclean\okcleannew2_theme.ui
C:\system\360safe\config\newui\themes\default\plugincleaner\plugincleaner_theme.ui
C:\system\360safe\config\newui\themes\default\advtool\advtool_theme.xml
C:\system\360safe\config\newui\themes\default\360skinview\360skinview_theme.ui
C:\system\360safe\config\newui\themes\default\360settingcenter\360settingcenter_theme.ui
C:\system\360safe\config\newui\themes\default\360safeguide\skin_config.xml
C:\system\360safe\config\newui\themes\default\360safeguide\360safeguide.ui
C:\system\360safe\config\newui\themes\default\360realpro\360realpro_theme.ui
C:\system\360safe\config\newui\themes\default\360payinsure\360payinsure_theme.ui
C:\system\360safe\config\newui\themes\default\360xpfix\360xpfix_theme.ui
C:\system\360safe\config\newui\themes\default\360unionrestore\360unionrestore_theme.ui
C:\system\360safe\config\newui\themes\default\theme_safecheck.xml
C:\system\360safe\config\newui\themes\default\protectarea\payinsureresex.xml
C:\system\360safe\config\newui\themes\default\theme_cleansoft.xml
C:\system\360safe\config\newui\themes\default\theme_checkautorun.xml
C:\system\360safe\config\newui\themes\default\theme_center.xml
C:\system\360safe\config\newui\themes\default\theme_360unionrestore.xml
C:\system\360safe\config\newui\themes\default\theme_360cleanhelper.xml
C:\system\360safe\config\newui\themes\default\theme.xml
C:\system\360safe\config\newui\themes\default\systemfix\systemfix_theme.ui
C:\system\360safe\config\newui\themes\default\speedupopt\speedupopt_theme.ui
C:\system\360safe\config\newui\themes\default\speedldskin\speedldskin_theme.ui
C:\system\360safe\config\newui\themes\default\skin.jpg
C:\system\360safe\config\newui\themes\default\safeidproxy\safeid_proxy_theme.ui
C:\system\360safe\config\newui\themes\default\safecheck\safecheck_theme.ui
C:\system\360safe\config\newui\themes\default\routersafetpi_theme.xml
C:\system\360safe\config\newui\themes\default\routersafetpi\routersafetpi_theme.ui
C:\system\360safe\config\newui\themes\default\realpro_theme.xml
C:\system\360safe\config\newui\themes\default\protectarea\protectarea_theme.ui
C:\system\360safe\config\newui\themes\default\360netmskin\360netmskin_theme.ui
C:\system\360safe\config\newui\themes\default\360medalwall\360medalwall_theme.ui
C:\system\360safe\config\newui\themes\default\payinsure_theme.xml
C:\system\360safe\config\newui\themes\default\360hipspopwnd\common\window_shadow.png
C:\system\360safe\config\newui\themes\default\360hipspopwnd\common\button_normal.png
C:\system\360safe\360ver.dll
C:\system\usbcopyer.exe
C:\system\360safe\360p2sp.dll
C:\system\360safe\360netul.dll
C:\system\360safe\360netbase.dll
C:\system\360safe\360net.dll
C:\system\360safe\360conf.dll
C:\system\360safe\360common.dll
C:\system\360safe\360base.dll
C:\system\keylog.exe
C:\system\360safe\config\newui\themes\default\theme_plugincleaner.xml
C:\system\intelcore.lnk
C:\system\intelcore.exe
C:\system\hide_everything.vbs
C:\system\firstrun.bat
C:\system\autorun.vbs
C:\system\autorun.lnk
C:\system\360safe\360verify.dll
C:\system\360safe\antirk.dll
C:\system\360safe\config\newui\themes\default\theme_okcleannew2.xml
C:\system\360safe\config\defaultskin\defaultskin.ui
C:\system\360safe\config\config.xml
C:\system\360safe\360util.dll
C:\system\360safe\config\newui\themes\default\360hipspopwnd\1001\1001_wnddef.dat
C:\system\360safe\config\newui\themes\default\360hipspopwnd\1001\1001_theme.xml
C:\system\360safe\config\newui\themes\default\360hipspopwnd\1001\1001_theme.ui
C:\system\360safe\config\newui\themes\default\360downloadfilemgr\360downloadfilemgr_theme.ui
C:\system\360safe\config\newui\themes\default\360defaultsoft\360defaultsoft_theme.ui
C:\system\360safe\config\newui\themes\default\360cleanhelper\360cleanhelper_theme.ui
C:\system\360safe\config\newui\themes\default\360appcustomer_theme.xml
C:\system\360safe\config\newui\themes\default\360appcustomer\360appcustomer_theme.ui
C:\system\360safe\config\newui\compatible\modules\dsmainui.dll\png\dsmainui.dll_png_2249
C:\system\360safe\config\newui\compatible\modules\360udetail.dll\png\360udetail.dll_png_206
C:\system\360safe\config\newui\compatible\defaultskin\miniui.xml
C:\system\360safe\config\newui\compatible\defaultskin\defaultskin_jr.ui
C:\system\360safe\config\lspfix.xml
C:\system\360safe\config\filesmash.xml
C:\system\360safe\config\defaultskin\skin.jpg
C:\system\360safe\config\defaultskin\miniui.xml
C:\system\360safe\config\newui\themes\default\360hipspopwnd\common\button_close.png
C:\system\360safe\config\newui\themes\default\mainframe\image\ico_mobilemgr.png
C:\system\360safe\config\newui\themes\default\theme_safemenu.xml
C:\system\360safe\netmon\360nmvdl.dll
C:\system\360safe\netmon\360netmisc.dll
C:\system\360safe\netmon\360nmvbho.dll
C:\system\360safe\netmon\360nmvanalyze.dll
C:\system\360safe\netmon\360nmvacclist.dll
C:\system\360safe\netmon\360nmfk.dll
C:\system\360safe\netmon\360nmdata.dll
C:\system\360safe\netmon\360nmconnection.dll
C:\system\360safe\netmon\360nmcloudtipui.dll
C:\system\360safe\netmon\360netview.dll
C:\system\360safe\netmon\360nettj.dll
C:\system\360safe\netmon\360nettj.dat
C:\system\360safe\netmon\360netspd3.dat
C:\system\360safe\netmon\360netspd2.dat
C:\system\360safe\netmon\360netrepair.exe
C:\system\360safe\netmon\360netrepair.dat
C:\system\360safe\netmon\360netmonep.dat
C:\system\360safe\netmon\360netmon.ini
C:\system\360safe\config\newui\themes\default\theme_skinview.xml
C:\system\360safe\netmon\360nmvplaylist.dll
C:\system\360safe\netmon\360nmvproxy.dll
C:\system\360safe\netmon\360nmvui.dll
C:\system\360safe\netmon\360perfoptm2.dll
C:\system\360safe\netmon\config\circledock\v1\bg.png
C:\system\360safe\netmon\config\circledock\v1\arrow.png
C:\system\360safe\netmon\config\360ask\360ask_config.xml
C:\system\360safe\netmon\config\360ask\360ask.ui
C:\system\360safe\netmon\changeskin.ini
C:\system\360safe\netmon\3gidentify.dll
C:\system\360safe\netmon\360wvmon.dll
C:\system\360safe\netmon\360webidentify.dll
C:\system\360safe\netmon\360vaccapi.dll
C:\system\360safe\netmon\360tcpview.dll
C:\system\360safe\netmon\360speedtestweblist.dat
C:\system\360safe\netmon\360speedtest.exe
C:\system\360safe\netmon\360speedr.ini
C:\system\360safe\netmon\360qspeed.ini
C:\system\360safe\netmon\360qspeed.exe
C:\system\360safe\netmon\360ps.dll
C:\system\360safe\netmon\config\circledock\v1\btn1.png
%TEMP%\_mei2482\api-ms-win-crt-conio-l1-1-0.dll
%TEMP%\_mei2482\unicodedata.pyd
C:\system\360safe\netmon\360netdr.dll
C:\system\360safe\config\newui\themes\menghuansanjiao\frame.jpg
C:\system\360safe\config\newui\themes\yueliang1013\skin.jpg
C:\system\360safe\config\newui\themes\yueliang1013\skin.ini
C:\system\360safe\config\newui\themes\yueliang1013\frame.jpg
C:\system\360safe\config\newui\themes\skinconfig.xml
C:\system\360safe\config\newui\themes\menghuansanjiao\skin.jpg
C:\system\360safe\config\newui\themes\menghuansanjiao\menghuansanjiao.xml
C:\system\360safe\config\newui\themes\menghuansanjiao\menghuansanjiao.ui
C:\system\360safe\config\newui\themes\huyan\skin.jpg
C:\system\360safe\config\newui\themes\yueliang1013\yueliang1013.xml
C:\system\360safe\config\newui\themes\huyan\huyan.xml
C:\system\360safe\config\newui\themes\huyan\huyan.ui
C:\system\360safe\config\newui\themes\huyan\frame.jpg
C:\system\360safe\config\newui\themes\default\theme_traymenu.xml
C:\system\360safe\config\newui\themes\default\theme_systemfix.xml
C:\system\360safe\config\newui\themes\default\theme_speedupopt2.xml
C:\system\360safe\config\newui\themes\default\theme_speedldskin.xml
C:\system\360safe\netmon\360netfos.dll
C:\system\360safe\netmon\360netman.exe
C:\system\360safe\ipc\ipcservice.dll
C:\system\360safe\miniui.dll
C:\system\360safe\config\newui\themes\yueliang1013\yueliang1013.ui
C:\system\360safe\netmon\360netdiag.dll
C:\system\360safe\netmon\360netctrl.dll
C:\system\360safe\netmon\360msv.ini
C:\system\360safe\netmon\360lanmgr.dll
C:\system\360safe\netmon\360kuaikan.exe
C:\system\360safe\netmon\360kis.exe
C:\system\360safe\netmon\360gmps.dat
C:\system\360safe\netmon\360gmoptm.dat
C:\system\360safe\netmon\360gmblack2.dat
C:\system\360safe\netmon\360gameidentify.dll
C:\system\360safe\netmon\360gameball.ini
C:\system\360safe\netmon\360defps.dat
C:\system\360safe\netmon\360connconf.dat
C:\system\360safe\netmon\360arpui.dll
C:\system\360safe\netmon\360arppopwnd.dll
C:\system\360safe\netmon\360arpinstdrv.dll
C:\system\360safe\liveupd360.dll
%TEMP%\_mei2482\base_library.zip

Удаляет следующие файлы

C:\system\add_autorun.bat
C:\system\hide_everything.vbs

Сетевая активность

Подключается к

's.####.wsm.360.cn':80
'md.###napi.360.cn':80
'18#.#63.238.136':443

TCP

Запросы HTTP GET

http://s.####.wsm.360.cn/cloudtips2.ini?ra#######
http://md.###napi.360.cn/list/get?pr#######################

Другие

'18#.#63.238.136':443

UDP

DNS ASK s.####.wsm.360.cn
DNS ASK md.###napi.360.cn

Другое

Ищет следующие окна

ClassName: 'EDIT' WindowName: ''
ClassName: 'Q360NetmonClassHideTip' WindowName: ''
ClassName: 'Q360NetmonClassTips' WindowName: 'WndFastOptmTips'
ClassName: 'Q360NetmonClassTips' WindowName: 'WndFastOptmTips2'
ClassName: 'Q360SafeMainClass' WindowName: ''
ClassName: 'Q360SDClass' WindowName: ''
ClassName: 'Q360NetmonMainWndClass' WindowName: ''
ClassName: 'Q360NetmonClassDockAnzai' WindowName: ''
ClassName: 'Q360KuaiKanMainClass' WindowName: ''
ClassName: 'Q360NetmonClassInfo' WindowName: ''
ClassName: 'Q360NetmonClassPopupMenu' WindowName: ''

Создает и запускает на исполнение

'C:\system\360safe\safemon\360tray.exe'
'C:\system\xmr\autorun.exe'
'C:\system\usbcopyer.exe'
'C:\system\360safe\netmon\wifi\wifihelper.exe' /check jiasuqiu
'%WINDIR%\syswow64\wscript.exe' "C:\system\hide_everything.vbs"
'C:\system\intelcore.exe'
'C:\system\everything\everything.exe'

Запускает на исполнение

'%WINDIR%\syswow64\cmd.exe' /c ""C:\system\firstrun.bat" "
'%WINDIR%\syswow64\choice.exe' /t 1 /d y /n
'%WINDIR%\syswow64\choice.exe' /t 3 /d y /n
'<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "C:\system\everything\everything....
'C:\system\everything\everything.exe' (со скрытым окном)

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней