Technical Information
- %WINDIR%\Tasks\xbooster.job
- '%WINDIR%\ghjgfsjdgfsh.exe' -o stratum+tcp://xmr-eu1.nanopool.org:14444 -u 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbRwhkbK2uwRj8snedXv/1 -p x
- '%WINDIR%\ghjgfsjdgfsh.exe' (downloaded from the Internet)
- %WINDIR%\ghjgfsjdgfsh.exe
- 'os##oft.com':80
- 's3######st-2.amazonaws.com':80
- 'localhost':1037
- http://os##oft.com/console/visit.php
- http://s3######st-2.amazonaws.com/zminer/NsCpuCNMiner32.exe
- DNS ASK os##oft.com
- DNS ASK s3######st-2.amazonaws.com