Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lHfCYj3JdbLG51s®' = '%APPDATA%\R6Da0MAZmQYjOAM\ECMWmetOVk.exe'
- %APPDATA%\R6Da0MAZmQYjOAM\xminer.exe -a 5 -o http://mi###.#tcguild.com:8332 -u Ianrunzu_hfminer -p 123123a -g yes -t 2
- %APPDATA%\R6Da0MAZmQYjOAM\ECMWmetOVk.exe
- %APPDATA%\R6Da0MAZmQYjOAM\xminer.exe (downloaded from the Internet)
- 've##x.net':80
- ve##x.net/x/bcm/bitcoin-miner.exe
- DNS ASK ve##x.net