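Техническая информация (наблюдаемые индикаторы: запись автозапуска в реестре, пути к файлам, DNS-запрос, командные строки процессов)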
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WindowsUpdater' = 'c:\XMR\Coin\start.exe'
- C:\XMR\Coin\Core32.exe
- C:\XMR\Coin\api\index.php
- C:\XMR\Coin\api\local-sample.php
- C:\XMR\Coin\api\websocket.htm
- C:\XMR\Coin\run.vbs
- %TEMP%\tmp1.tmp.bat
- C:\XMR\Coin\start.exe
- %TEMP%\tmp1.tmp.bat
- DNS ASK xm#.###l.minergate.com
- '<SYSTEM32>\wscript.exe' "C:\XMR\Coin\run.vbs"
- 'C:\XMR\Coin\Core32.exe' -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u sayedmido50@gmail.com -p urpassword
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tmp1.tmp.bat" "