Техническая информация
- <SYSTEM32>\tasks\update\helper (файл задания планировщика; соответствует имени задачи "Update\helper" из команды schtasks ниже)
- %WINDIR%\notepad.exe
- %ALLUSERSPROFILE%\helper.exe
- %TEMP%\z48
- %TEMP%\z48
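- 'xm#.##ypto-pool.fr':3333 (имя узла частично замаскировано в источнике; полный адрес и порт указаны в параметре -o команд запуска ниже)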
- DNS ASK xm#.##ypto-pool.fr
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\helper" /XML "%TEMP%\z48" (со скрытым окном)
- '%WINDIR%\syswow64\schtasks.exe' /Create /TN "Update\helper" /XML "%TEMP%\z48"
- '%WINDIR%\notepad.exe' -a cryptonight -o stratum+tcp://xmr.crypto-pool.fr:3333 -u 45TXk63gCQZGgYx8Nv4ZqwKbhqSeB62aGQJhpiNYEmQEjGxsTu4VQYX6RNXZv1yMNDcXnLzGxWDKp1tcCi7XGrSy2w5v9UU -p x -t 1
- '%WINDIR%\notepad.exe' -a cryptonight -o stratum+tcp://xmr.crypto-pool.fr:3333 -u 45TXk63gCQZGgYx8Nv4ZqwKbhqSeB62aGQJhpiNYEmQEjGxsTu4VQYX6RNXZv1yMNDcXnLzGxWDKp1tcCi7XGrSy2w5v9UU -p x -t 2