Техническая информация: индикаторы компрометации (файлы, служба драйвера, сетевые адреса, строки запуска процессов)
- %APPDATA%\microsoft\windows\start menu\programs\startup\vitrmuukev.url
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%WINDIR%\WinRing0x64.sys'
- 'WinRing0_1_2_0' %WINDIR%\WinRing0x64.sys
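- %WINDIR%\notepad.exe (путь совпадает со штатным «Блокнотом» Windows и сам по себе не является индикатором; отличительный признак — запуск с параметром -c и путём к файлу cfg или cfgi, см. строки запуска ниже)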
- iexplore.exe
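- %ALLUSERSPROFILE%\lkbnmtfjgl\csrss.exe (имя совпадает с системным процессом csrss.exe, который штатно находится в %WINDIR%\System32; здесь индикатором служит расположение файла)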
- %ALLUSERSPROFILE%\lkbnmtfjgl\e9c1286a28_3.1.0
- %ALLUSERSPROFILE%\lkbnmtfjgl\cfgi
- %ALLUSERSPROFILE%\lkbnmtfjgl\cfg
- %ALLUSERSPROFILE%\lkbnmtfjgl\csrss
- %ALLUSERSPROFILE%\lkbnmtfjgl\r.vbs
- %ALLUSERSPROFILE%\lkbnmtfjgl\csrss.exe
- %ALLUSERSPROFILE%\lkbnmtfjgl\r.vbs
- %ALLUSERSPROFILE%\lkbnmtfjgl\csrss.exe
- %ALLUSERSPROFILE%\lkbnmtfjgl\r.vbs
- '45.##4.225.135':80
- 'xm######ast1.nanopool.org':14444
- http://45.##4.225.135/notepad.exe
- DNS ASK xm######ast1.nanopool.org
- '%WINDIR%\notepad.exe' -c "%ALLUSERSPROFILE%\LKBNMTFJgl\cfg"
- '%WINDIR%\syswow64\cmd.exe' /C WScript "%ALLUSERSPROFILE%\LKBNMTFJgl\r.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%ALLUSERSPROFILE%\LKBNMTFJgl\r.vbs"
- '%WINDIR%\notepad.exe' -c "%ALLUSERSPROFILE%\LKBNMTFJgl\cfgi"