Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\vxdzakvlvs.url
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%WINDIR%\WinRing0x64.sys'
- 'WinRing0_1_2_0' %WINDIR%\WinRing0x64.sys
- %WINDIR%\notepad.exe
- %ALLUSERSPROFILE%\gnjxfumekl\cfgi
- %ALLUSERSPROFILE%\gnjxfumekl\cfg
- %ALLUSERSPROFILE%\gnjxfumekl\erosxmrminer
- %ALLUSERSPROFILE%\gnjxfumekl\r.vbs
- %ALLUSERSPROFILE%\gnjxfumekl\r.vbs
- из %ALLUSERSPROFILE%\gnjxfumekl\erosxmrminer в %ALLUSERSPROFILE%\gnjxfumekl\erosxmrminer.exe
- %ALLUSERSPROFILE%\gnjxfumekl\r.vbs
- 'po##.#upportxmr.com':3333
- DNS ASK po##.#upportxmr.com
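- '%WINDIR%\notepad.exe' -c "%ALLUSERSPROFILE%\GNJxFuMeKL\cfgi"
  (параметр -c с путём к файлу cfgi нетипичен для штатного notepad.exe; вероятно, процесс используется как контейнер для стороннего кода — такой запуск стоит рассматривать как признак для обнаружения)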
- '%WINDIR%\syswow64\cmd.exe' /C WScript "%ALLUSERSPROFILE%\GNJxFuMeKL\r.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%ALLUSERSPROFILE%\GNJxFuMeKL\r.vbs"