Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\Explorer.lnk
- C:\ProgramData\Windows\cpu.vbs
- C:\ProgramData\Windows\Explorer.bat
- C:\ProgramData\Windows\Explorer.vbs
- C:\ProgramData\Windows\start.cmd
- C:\ProgramData\Windows\svchost.exe
- C:\ProgramData\Windows\config.json
- C:\ProgramData\Windows\cpu.bat
- 'xm#.###l.minergate.com':45700
- DNS ASK xm#.###l.minergate.com
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "C:\ProgramData\Windows\Explorer.vbs"
- 'C:\ProgramData\Windows\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\ProgramData\Windows\cpu.bat" "