Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'lxDvIsySkQ' = '"<LS_APPDATA>\imnkGuLjLm\topstack.exe"'
- <SYSTEM32>\svchost.exe
- MSBuild.exe
- <LS_APPDATA>\imnkGuLjLm\topstack.exe
- %TEMP%\MSBuild.exe
- %APPDATA%\mxb\FileStructure.exe
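- 'po##.###ero.hashvault.pro':3333
- DNS ASK po##.###ero.hashvault.pro
  (Сетевая активность: соединение с портом 3333 и DNS-запрос к одному и тому же узлу. Замаскированное имя по шаблону совпадает с адресом pool.monero.hashvault.pro:3333, который указан в командной строке svchost.exe ниже.)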
- '%TEMP%\MSBuild.exe'
- '%APPDATA%\mxb\FileStructure.exe'
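- '<SYSTEM32>\svchost.exe' -o pool.monero.hashvault.pro:3333 -u 44S7Ca9zGvnNVFPHD5novTAhhZ84nFEjUdWPnGskdVTPgVY7xXvJSXFeLGaZ82kEz5CTc84cfawU6cyKac2avGkTGTwy478 -p x -v 0 -t 2
  (Штатно svchost.exe запускается диспетчером служб с параметром -k. Командная строка с адресом пула (-o) и учётными данными (-u, -p) для системного процесса нетипична и, по-видимому, означает, что майнер работает под видом svchost.exe. Отсутствие -k в командной строке svchost.exe — удобный признак для обнаружения.)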
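- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "Microsoft® Windows® Operating Operating System" /tr "%APPDATA%\mxb\FileStructure.exe"
  (Закрепление в системе: задача планировщика запускает FileStructure.exe из %APPDATA% каждую минуту, а её имя имитирует компонент Microsoft. При проверке системы стоит искать задачи, исполняемый файл которых находится в пользовательском каталоге.)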