Техническая информация
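- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nvidiageforce.exe' = '%TEMP%\nvidiageforce.exe' (запись автозапуска при входе пользователя в систему; исполняемый файл запускается из %TEMP%, а его имя, по-видимому, имитирует название ПО NVIDIA)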
- <SYSTEM32>\winlogon.exe
- %TEMP%\nvidiageforce.exe
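- 'po##.#upportxmr.com':3333 (имя узла в отчёте частично замаскировано; в командной строке ниже указан адрес pool.supportxmr.com:3333)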
- DNS ASK po##.#upportxmr.com
- '%TEMP%\nvidiageforce.exe'
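- '<SYSTEM32>\winlogon.exe' -B --donate-level=1 -a cryptonight --url=stratum+tcp://pool.supportxmr.com:3333 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQoeCjP89wG8Dqp2vEc -p ...
  Примечание: параметры командной строки (--donate-level, -a cryptonight, --url=stratum+tcp://…:3333, -u с адресом кошелька) характерны для майнера криптовалюты, работающего под видом системного процесса winlogon.exe. Легитимный winlogon.exe обычно запускается без таких аргументов, поэтому подобная командная строка у этого процесса и его исходящие соединения на порт 3333 могут служить признаками для обнаружения.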