Техническая информация
- Автозапуск (закрепление в системе через ключ Run текущего пользователя): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'defender.exe' = '%TEMP%\defender.exe'
- <SYSTEM32>\winlogon.exe
- %TEMP%\defender.exe
- TCP-соединение: 'po##.#upportxmr.com':5555
- DNS-запрос (DNS ASK): po##.#upportxmr.com
- '%TEMP%\defender.exe'
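- '<SYSTEM32>\winlogon.exe' -B --donate-level=1 -a cryptonight --url=stratum+tcp://pool.supportxmr.com:5555 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQrvY258JJQ5MHwL6UV -p ...
  (Командная строка содержит параметры майнера: алгоритм cryptonight и адрес пула по протоколу stratum. Штатный winlogon.exe с такими аргументами не запускается, поэтому подобная командная строка у этого процесса — надёжный признак для обнаружения.)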