Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'QKZcCmsSQJ' = '"<LS_APPDATA>\munLHWbfvQ\servlces.exe"'
- '<Full path to file>'
- '<SYSTEM32>\svchost.exe' -o xmr-eu1.nanopool.org:14444 -u 45GCe3MjJq9SgJLQrgsvs2fgpX9Tu6B1mZrUnusaPLcSGveHeBHZZhqY9JciEKqYVyACZamLejJDaeydLksTG1iSFgMB68b -p x -v 0 -t 2
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\munLHWbfvQ\servlces.exe
- %TEMP%\fGEybi
- %TEMP%\nsz2.tmp
- 'xm#####.nanopool.org':14444
- DNS ASK xm#####.nanopool.org