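Technical Information
(The category labels of the original report are not present on this page. Reading top to bottom, the entries are: registry Run-key values, file-system paths, a network endpoint and DNS queries, then process command lines. A path listed more than once presumably belonged to different categories, which cannot be told apart here. The '#' characters in host names appear to be masking applied by the report rather than part of the names; compare the masked pool host in the DNS entries with the unmasked one in the final command line.)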
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Services.exe' = '%APPDATA%\Services.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Services.exe' = '"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Services.exe"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\services.exe
- <SYSTEM32>\cmd.exe
- %APPDATA%\services.exe
- %APPDATA%\tempservices.exe
- %APPDATA%\tempservices.exe
- 'te#######are-48167.portmap.io':48167
- DNS ASK po##.#upportxmr.com
- DNS ASK ra#.####ubusercontent.com
- DNS ASK te#######are-48167.portmap.io
- '%APPDATA%\services.exe'
- '%APPDATA%\tempservices.exe'
- '%APPDATA%\microsoft\windows\start menu\programs\startup\services.exe'
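- '<SYSTEM32>\cmd.exe' -B --donate-level=5 -a cryptonight --url=pool.supportxmr.com:3333 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQnywzhKtbpsFGb8Ey8 -p -R --variant=...
  (Note: these arguments are cryptocurrency-miner options — background mode, donate level, algorithm, pool URL, wallet — and not cmd.exe switches. A cmd.exe process carrying such arguments, or holding a connection to a mining pool, is therefore a useful detection signal, as are the Run-key values pointing at Services.exe under %APPDATA%.)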