Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Audio' = '%APPDATA%\Windows Folder\Windows Service.exe'
- %APPDATA%\windows folder\windows service.exe
- %APPDATA%\windows folder\winlogon.exe
- http://f0####00.xsph.ru/x64.exe
- DNS ASK f0####00.xsph.ru
- DNS ASK ip###ger.org
- DNS ASK xm#.###l.minergate.com
- DNS ASK vk.com
- '%APPDATA%\windows folder\winlogon.exe' -o stratum+tcp://xmr.pool.minergate.com:45700 -u perfenonus@yandex.ru --max-cpu-usage=50 -p x --donate-level=1 --algo=cryptonight