Техническая информация
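- Автозапуск (закрепление в системе): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'xxsdcyiyi' = 'C:\xxs\winlogon.exe' (имя файла совпадает с системным winlogon.exe, но путь находится вне <SYSTEM32>)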
- Принудительно завершает Диспетчер задач: '<SYSTEM32>\taskkill.exe' /f /im Taskmgr.exe
- C:\xxs\winlogon.exe
- %WINDIR%\Temp\severxxs.exe
- 'jw####.ppxxmr.com':5555
- DNS-запрос (DNS ASK): jw####.ppxxmr.com
- ClassName: '' WindowName: ''
- 'C:\xxs\winlogon.exe'
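- Командная строка запуска (подключение к пулу по протоколу Stratum, порт 5555; значение параметра -u в источнике обрезано): '%WINDIR%\Temp\severxxs.exe' -B -o stratum+tcp://jw-js1.ppxxmr.com:5555 -u 44tLjmXrQNrWJ5NBsEj2R77ZBEgDa3fEe9GLpSf2FRmhexPvfYDUAB7EXX1Hdb3aMQ9FLqdJ56yaAhiXoRsceGJCRS3Jxkn.72468a1e2c77536fa8b5897d28b236c88dc35ab42bd987a834b...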