Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'explorer' = '%WINDIR%\xbooster.exe -o stratum+tcp://xmr-eu1.nanopool.org:14444 -u 42NJgtw17RnJ5g1tYQeGLm2KUqpM8ddfwcMUkPRix9HJ2MxBb8Ds1Ua...
- '' (downloaded from the Internet)
- %WINDIR%\xbooster.exe
- 'os##oft.com':80
- 's3######st-2.amazonaws.com':80
- 'localhost':1037
- http://www.os##oft.com/random/visit.php via os##oft.com
- http://s3######st-2.amazonaws.com/upperservice/xmrig.exe
- DNS ASK www.os##oft.com
- DNS ASK s3######st-2.amazonaws.com
- '%WINDIR%\xbooster.exe' -o stratum+tcp://xmr-eu1.nanopool.org:14444 -u 42NJgtw17RnJ5g1tYQeGLm2KUqpM8ddfwcMUkPRix9HJ2MxBb8Ds1UaKnfL145K9E677wtZoaDb89KfZpFso4tKa9CERxZT/116 -p x --donate-level=1 -B -t 1