Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'explorer' = '%WINDIR%\lkhhfgfdd.exe -o stratum+tcp://xmr-eu1.nanopool.org:14444 -u 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUc...
- %WINDIR%\Tasks\Manager.job
- '%WINDIR%\lkhhfgfdd.exe' -o stratum+tcp://xmr-eu1.nanopool.org:14444 -u 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbS3oEu2anRxb5t5spNy/12 -p x --donate-level=1 -B
- %WINDIR%\lkhhfgfdd.exe
- %APPDATA%\Adobe\Manager.exe
- 'xm#####.nanopool.org':14444
- 'xt###ker.club':80
- http://xt###ker.club/click.php?cn###############
- DNS ASK xm#####.nanopool.org
- DNS ASK xt###ker.club