Technical Information
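- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'TlMIIzbnIB' = '"%ProgramFiles%\RBQFPF~1\mymin.exe"' (per-user Run value, so mymin.exe is started at each logon of this user. RBQFPF~1 is an 8.3 short name, presumably for the rbqfpfjhze directory listed below; note that the root shown here is %ProgramFiles%, while the files below are under %PROGRAMDATA%. The value name looks randomly generated, so match on the target path rather than on the name.)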
- %WINDIR%\notepad.exe
- %PROGRAMDATA%\rbqfpfjhze\cfgi
- %PROGRAMDATA%\rbqfpfjhze\cfg
- %PROGRAMDATA%\rbqfpfjhze\mymin.exe
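- 'xm#####.nanopool.org':14444 (outbound connection; nanopool.org is a public cryptocurrency mining pool and 14444 is its Monero stratum port. Part of the host name appears to be masked in this report.)
- DNS ASK xm#####.nanopool.org (DNS query for the same host)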
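- '%WINDIR%\notepad.exe' -c "%PROGRAMDATA%\RBQfpfJHze\cfg" (process launch: notepad.exe is started with the dropped cfg file passed via -c, which is not a Notepad option. This suggests the mining code runs inside the notepad.exe process, although the listing does not show how. A notepad.exe instance with such arguments, or with outbound connections to a mining pool, is a useful detection signal.)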