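Техническая информация
Примечание: в этой копии страницы заголовки подразделов утрачены, поэтому индикаторы идут сплошным списком. По содержанию строк различимы группы: ярлык zx.lnk в папке автозагрузки (закрепление в системе); командные строки запускаемых процессов (пути в кавычках с аргументами), включая запуск dotnetfx32.exe с параметрами майнера (алгоритм cryptonight, адрес пула stratum+tcp, кошелёк, число потоков); два списка путей к файлам, которые частично повторяются (вероятно, это разные разделы, например создаваемые и удаляемые файлы; по тексту это не определить); сетевая активность (подключение и DNS-запрос); классы окон. Домен в сетевых строках частично замаскирован символами «#»; по-видимому, это тот же адрес пула с портом 2555, что и в командной строке dotnetfx32.exe.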
- %HOMEPATH%\Start Menu\Programs\Startup\zx.lnk
- 'C:\Users\Default\AppData\Local\zx.exe'
- 'C:\Users\Default\AppData\Local\dotnetfx32.exe' -a cryptonight -o stratum+tcp://xmr.miner.center:2555 -u 47Q6vnXonJP2NY81etbgKu1VaeQcB3qPQebFQtvsz7ZrjQqrhmqp9oCA1vjH1QRXLKGgRCuxi8UExRVbtGsiqUSb6LA7Pjp -p x -t 2 -nofee 1
- '%TEMP%\12.exe'
- '%TEMP%\1.exe' -p1 -dC:\Users\Default\AppData\Local
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ztmp\t1121.bat" "C:\Users\Default\AppData\Local\zx.exe" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ztmp\t15722.bat" "%TEMP%\12.exe" "
- %TEMP%\ztmp\t1173.exe
- %TEMP%\ztmp\t1121.bat
- C:\Users\Default\AppData\Local\1422151995_log.txt
- C:\Users\Default\AppData\Local\1422152092_log.txt
- C:\Users\Default\AppData\Local\1422152029_log.txt
- C:\Users\Default\AppData\Local\zx.exe
- %TEMP%\1.exe
- %TEMP%\12.exe
- %TEMP%\ztmp\t15722.bat
- C:\Users\Default\AppData\Local\dotnetfx32.exe
- %TEMP%\ztmp\t15774.exe
- C:\Users\Default\AppData\Local\dotnetfx32.exe
- C:\Users\Default\AppData\Local\zx.exe
- %TEMP%\12.exe
- %TEMP%\1.exe
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini
- <SYSTEM32>\PerfStringBackup.TMP
- %TEMP%\ztmp\t15722.bat
- %TEMP%\ztmp\t15774.exe
- 'xm#.##ner.center':2555
- DNS ASK xm#.##ner.center
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''