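Technical Information
The entries below appear to be grouped as follows: a file placed in the user's Startup folder (it runs at logon), launched command lines (the quoted entries), file paths under %TEMP% and %APPDATA%, and network activity. Three of the file names imitate Windows system binaries (svchost.exe, csrss.exe, expl0rer.exe) but are located in user-writable folders rather than the Windows directory tree, so the full path, not the name, is the reliable indicator.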
- %HOMEPATH%\Start Menu\Programs\Startup\svchost.exe
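- '%TEMP%\afolder\expl0rer.exe' -o stratum+tcp://mine.moneropool.com:80 -u 46Lhz9YFVfsSoSqw31iW4w6qqUciUD6WNbVfMxuiNRXUczeZn8LGwvY267GVBPKXPE49fQgDKFPrAAZGe945CvG2KV41mgJ -p x
  (The arguments are consistent with a Monero mining client: -o gives the pool URL, here Stratum over TCP to port 80, -u the payout address and -p the pool password. Outbound Stratum traffic to port 80 is not HTTP, so a proxy or protocol-aware inspection can distinguish it from web traffic.)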
- '%APPDATA%\csrss.exe'
- '<SYSTEM32>\attrib.exe' +h %TEMP%\ytmp
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\ytmp\t26855.bat" "%APPDATA%\csrss.exe" "
- %TEMP%\ytmp\t27008.exe
- %TEMP%\afolder\1509568115_log.txt
- %TEMP%\ytmp\t26855.bat
- %APPDATA%\csrss.exe
- %TEMP%\afolder\expl0rer.exe
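- 'mi##.#oneropool.com':80
- DNS ASK mi##.#oneropool.com
  (The '#' characters mask part of the host name in these two entries; the pattern matches the pool host given after -o in the command line listed above.)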