Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Command Line Support' = 'cmd.exe /C %ALLUSERSPROFILE%\Application Data\SysWOW64\y6oVS.cmd'
- %ALLUSERSPROFILE%\Application Data\SoftwareDistribution\nheqminer32.exe
- %ALLUSERSPROFILE%\Application Data\SysWOW64\y6oVS.cmd
- %TEMP%\6y47sq3Ao388BSzhRe\state.tmp
- from %TEMP%\6y47sq3Ao388BSzhRe\state.tmp to %TEMP%\6y47sq3Ao388BSzhRe\state
- 'eu#####sh.flypool.org':3333
- 'localhost':1040
- '19#.#09.206.212':443
- '12#.31.0.39':9101
- '13#.#88.40.189':443
- DNS ASK eu#####sh.flypool.org