Technical Information
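- Autorun (persistence) registry value: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'EzECIXRZzy' = '"<LS_APPDATA>\nryAgBKBkx\XMRONL~1.EXE"' (XMRONL~1.EXE is presumably the 8.3 short name of the xmronline.exe file listed below)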
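- System process involved: <SYSTEM32>\svchost.exe (the same path is launched with mining-pool arguments in the last entry of this list)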
- %TEMP%\dw.log
- %TEMP%\2931E.dmp
- %TEMP%\XMR Builder.exe
- <LS_APPDATA>\nryAgBKBkx\xmronline.exe
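- Network connection: 'po##.#inexmr.com':5555 (host name partially masked in the report; the pattern matches pool.minexmr.com:5555 from the command line at the end of this list)
- DNS query (DNS ASK): po##.#inexmr.com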
- '<Full path to file>' (placeholder, presumably for the path of the analyzed sample itself)
- '%TEMP%\XMR Builder.exe'
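- '%CommonProgramFiles%\Microsoft Shared\DW\DW20.EXE' -x -s 392 (Microsoft's error-reporting tool; %TEMP%\dw.log and %TEMP%\2931E.dmp above are presumably its output, i.e. crash artifacts rather than malware-specific indicators)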
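- '<SYSTEM32>\svchost.exe' -o pool.minexmr.com:5555 -u 46TJTze8t7oU7DX7dtZzXNfNjt5NeX736K2yeyUV4ebLdKvkLds7RuLCr2ZpMCyeSZj2EqFmvykZGDAuRosHgb49CFGqXuh -p x -v 0 -t 2 (miner command line: -o, -u, -p and -t conventionally give the pool address, account/wallet string, password and thread count; a legitimate svchost.exe is normally started with -k <service group>, so an svchost.exe process with these arguments is a usable detection signal)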