Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Services.exe' = '%TEMP%\Services.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\services.exe
- 'xm#####.nanopool.org':14444
- DNS ASK xm#####.nanopool.org
- '%TEMP%\services.exe'
- '<SYSTEM32>\svchost.exe' -B --donate-level=5 -a cryptonight --url=xmr-eu1.nanopool.org:14444 -u 41oWqCxVa9aCfvyx1pjyXjRuWY3ZbZFYwj229Q95CZGAQ1TKgz63MKGcdv2dJ1LcQAh43BvHSsbmo7UkSQRvMHQn6Hysyrq -p -R --variant=-1 --max-...