Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'svchost2' = '%APPDATA%\svchost2\svchost2.exe'
- %APPDATA%\svchost2\xmr.exe
- %APPDATA%\svchost2\svchost2.exe
- http://41##.xf.cz/xmrig
- http://41##.xf.cz/m1n3
- DNS ASK 41##.xf.cz
- DNS ASK po##.#inexmr.com
- '%APPDATA%\svchost2\xmr.exe' --url=pool.minexmr.com:4444 --max-cpu-usage=50 --user=45Mk7UqMqQEJtVYU4ExbMJhjSy1J7uAPmZMFWsAHc6AmdAPL5bZojMfNucXoH2eGtcXiLubMC7pLga5xVmdPEnkc4Ki1Dkd
- '<SYSTEM32>\cmd.exe' /C %APPDATA%\svchost2\xmr.exe --url=pool.minexmr.com:4444 --max-cpu-usage=50 --user=45Mk7UqMqQEJtVYU4ExbMJhjSy1J7uAPmZMFWsAHc6AmdAPL5bZojMfNucXoH2eGtcXiLubMC7pLga5xVmdPEnkc4Ki1Dkd