Technical Information
- <SYSTEM32>\tasks\0
- %ALLUSERSPROFILE%\0\0.exe
- %ALLUSERSPROFILE%\screen.jpg
- %ALLUSERSPROFILE%\0\eth.exe
- %ALLUSERSPROFILE%\0\eth.exe
- 'mi######tvisualstudio.wtf':80
- http://mi######tvisualstudio.wtf/main.php
- http://mi######tvisualstudio.wtf/dle.php
- DNS ASK mi######tvisualstudio.wtf
- ClassName: '' WindowName: 'Task Manager'
- ClassName: '' WindowName: 'Диспетчер задач' (Russian for 'Task Manager')
- '%ALLUSERSPROFILE%\0\eth.exe' --algo TON --pool wss://stratum.whalestonpool.com/stratum --user EQBKgXCNLPexWhs2L79kiARR1phGH1LwXxRbNsCFF9doc2lN
- '%ALLUSERSPROFILE%\0\0.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 3 /tn "0" /tr "%ALLUSERSPROFILE%\0\0.exe" /f (with hidden window)
- '%ALLUSERSPROFILE%\0\eth.exe' --algo TON --pool wss://stratum.whalestonpool.com/stratum --user EQBKgXCNLPexWhs2L79kiARR1phGH1LwXxRbNsCFF9doc2lN (with hidden window)
- '%ALLUSERSPROFILE%\0\0.exe' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /sc MINUTE /mo 3 /tn "0" /tr "%ALLUSERSPROFILE%\0\0.exe" /f
- '<SYSTEM32>\taskeng.exe' {DA03F5C4-41ED-4D6B-8388-9CEF0E5D7453} S-1-5-21-1960123792-2022915161-3775307078-1001:hfyhnyz\user:Interactive:[1]