Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TJYgUdvHQS' = '"<LS_APPDATA>\FEtVmYyIDR\FAXSER~1.EXE"'
- '<SYSTEM32>\svchost.exe' -o xmr.crypto-pool.fr:80 -u 48ftr95xVHDeRrpm4afaFzXKJwC4Q2E7hY3SE1TCBZqZEwNgTLp2zsGNafxqptArHu6FJRdRpoH9fV2eVmWXyXUD9KbF6hp -p x -v 0 -t 2
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\FEtVmYyIDR\FaxService.exe
- %TEMP%\777918069
- 'xm#.##ypto-pool.fr':80
- DNS ASK xm#.##ypto-pool.fr