Technical Information
- User Account Control (UAC)
- %ProgramFiles% (x86)\Macromed\Flash\FlashHelperService.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\config[1].txt
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\xmrig[1].png
- <Full path to file>
- 'xi#####emotecontrol.xyz':80
- http://www.xi#####emotecontrol.xyz/xmr/config.txt via xi#####emotecontrol.xyz
- http://www.xi#####emotecontrol.xyz/xmr/xmrig.png via xi#####emotecontrol.xyz
- DNS ASK www.xi#####emotecontrol.xyz
- '%ProgramFiles% (x86)\Macromed\Flash\FlashHelperService.exe'
- '<SYSTEM32>\cmd.exe' /c del "<Full path to file>"
- '<SYSTEM32>\schtasks.exe' /create /tn "FlashHelperService" /tr "%ProgramFiles(x86)%\Macromed\Flash\FlashHelperService.exe" /sc onlogon /F