Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Services.exe' = '%TEMP%\Services.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %TEMP%\Services.exe
- %TEMP%\Services.exe
- 'xm####.sparkpool.com':11000
- DNS ASK xm####.sparkpool.com
- '%TEMP%\Services.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe' -B --donate-level=0 -t 1 -a cryptonight --url=xmr-cn.sparkpool.com:11000 -u 47egX5kcVVVPfzSMJTHXDHK85oDh5DDhHQgTAg5k8187XMg9tWYgKWPWU1ykZjLmUrLiSVD2a5a76JyPfCEfGdzVE6PQroM -p -R --variant=-1 -...