Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Services.exe' = '%APPDATA%\Services.exe'
- <SYSTEM32>\cmd.exe
- %APPDATA%\services.exe
- 'gu##.##neroocean.stream':80
- DNS ASK gu##.##neroocean.stream
- '%APPDATA%\services.exe'
- '<SYSTEM32>\cmd.exe' -B --donate-level=5 -a cryptonight --url=gulf.moneroocean.stream:80 -u 48YiBcrbfYr4sk4gCM2qES6hb6gveaEeBRr8Yy5eGavZ2K268i2MU4xJu5aZ38Q4xNUhMMX5YnPW6DAhQ9bu7BRAQDuiggZ -p comp2 -R --variant=-1 -...