Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'mBdeufGo' = '%TEMP%\mBdeufGo.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\mBdeufGo.exe
- 'po##.#upportxmr.com':5555
- DNS ASK po##.#upportxmr.com
- '<SYSTEM32>\svchost.exe' -o pool.supportxmr.com:5555 -u 49uyd92G1QEKFyHuxzhFPHUL2unjY7jFT9j6GvwDtnPQdvZzjQxfiPe3KHhZPGfzfVJSSijRkQQnrHNtpvNaZjgLGYRRcgf -p x -k --donate-level=1 --max-cpu-usage=50 -B