Technical Information
- <SYSTEM32>\tasks\netcontrolupdate
- '<SYSTEM32>\taskkill.exe' /F /T /im NsCpuCNMiner32.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im NsCpuCNMiner64.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im minergate.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im minergate-service.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im srvany.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im nssm.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im NiceHashMiner.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im cpuminer_opt_AVX_AES.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im minerd.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im minergate-cli.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im NsCpuCNMiner.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im HS_Svc.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im HostXmrig.exe
- '<SYSTEM32>\taskkill.exe' /F /T /im XMRig.exe
- %TEMP%\5965.tmp\5966.bat
- '34.##0.144.191':443
- ClassName: '' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\5965.tmp\5966.bat <Full path to file>"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\5965.tmp\5966.bat <Full path to file>"
- '<SYSTEM32>\cmd.exe' /S /D /c" echo N"
- '<SYSTEM32>\schtasks.exe' /create /ru "SYSTEM" /sc minute /mo 5 /tn "NETControlUpdate" /tr "<SYSTEM32>\service.exe"