PyRoMine uses NSA exploits to mine Monero and disable security features

In 2016 the Shadow Brokers leaked several hacking tools and zero-day exploits including ETERNALBLUE and ETERNALROMANCE that targeted versions of Windows XP/Vista/8.1/7/10 and Windows Server 2003/2008/2012/2016 and took advantage of CVE-2017-0144 and CVE-2017-0145.

Windows 2008 VPS via PyRoMine uses NSA exploits to mine Monero and disable security features.