Техническая информация
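- [<HKLM>\System\CurrentControlSet\Services\NvTelemetryContainers_Windows] 'Start' = '00000002' (значение 2 — автоматический запуск службы при старте системы)
- [<HKLM>\System\CurrentControlSet\Services\NvTelemetryContainers_Windows] 'ImagePath' = '%ProgramFiles%\wininit.sys' (имя службы похоже на имя службы телеметрии NVIDIA, а имя файла — на системный wininit.exe; исполняемый файл службы с расширением .sys в корне %ProgramFiles% нетипичен и может служить признаком для обнаружения)
- 'NvTelemetryContainers_Windows' %ProgramFiles%\wininit.sys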
- %ProgramFiles%\wininit.sys
- %ProgramFiles%\wininit.sys
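- 'po##.#upportxmr.com':5555
- 'po##.#upportxmr.com':5555
- DNS ASK po##.#upportxmr.com (часть символов имени узла заменена в отчёте на «#», поэтому запись нельзя использовать как точный индикатор; «xmr» в имени домена позволяет предположить пул для майнинга Monero, но на странице это не подтверждается)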
- '%ProgramFiles%\wininit.sys'
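- '<SYSTEM32>\cmd.exe' /c attrib +s +h "%ProgramFiles%\wininit.sys"
- '<SYSTEM32>\attrib.exe' +s +h "%ProgramFiles%\wininit.sys" (атрибуты +s и +h помечают файл как системный и скрытый, поэтому при настройках Проводника по умолчанию он не отображается)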