Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Driver' = '%APPDATA%\Sysfiles\<File name>.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\driver.url
- ClassName: 'OLLYDBG', WindowName: ''
- %APPDATA%\sysfiles\driver.exe
- from <Full path to file> to %APPDATA%\sysfiles\<File name>.exe
- 'a0####68.xsph.ru':80
- http://a0####68.xsph.ru/cmd.php?hw###########
- http://a0####68.xsph.ru/cmd.php?ti#######
- DNS ASK a0####68.xsph.ru
- '%APPDATA%\sysfiles\driver.exe' -o pool.supportxmr.com:3333 -u 46UY3tav8Vga6PYZujz7uVNFctBe7EGuxXKUMt1TC6iWCyYNXuUWneGeU8Hx5zFS8FT2p1zeJgBCTBCXcLAVdnT3EPpeXnp -p x -k -v=0 --donate-level=1 -t 1
- '%APPDATA%\sysfiles\driver.exe' -o pool.supportxmr.com:3333 -u 46UY3tav8Vga6PYZujz7uVNFctBe7EGuxXKUMt1TC6iWCyYNXuUWneGeU8Hx5zFS8FT2p1zeJgBCTBCXcLAVdnT3EPpeXnp -p x -k -v=0 --donate-level=1 -t 1 (with hidden window)