Техническая информация
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'startupname' = '%APPDATA%\filename.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\notepad.lnk
- %WINDIR%\syswow64\calc.exe
- %APPDATA%\filename.exe
- %TEMP%\lzma.dll
- DNS ASK xm#####.xmrminingpool.net
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'
- '%WINDIR%\syswow64\calc.exe' -o xmrpool.xmrminingpool.net:3333 -u GuyFawkesMiner-user -p xxxx -k --max-cpu-usage=50