Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\desktop.ini.lnk (a shortcut in the user's Startup folder, so its target is launched at each logon)
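- %APPDATA%\system32\run.bat
- %APPDATA%\system32\rundll.exe
- %APPDATA%\system32\config.json
- %APPDATA%\system32\svchost.exe
(Note: these paths are under the user's %APPDATA% profile directory, not the Windows <SYSTEM32> directory; an svchost.exe running from this location is not the operating system's own binary.)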
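- 'xm#####.nanopool.org':14444 (outbound connection; nanopool.org is a cryptocurrency mining pool domain, and the '#####' part of the host name appears to be masked in this report)
- DNS ASK xm#####.nanopool.org (DNS query for the same host)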
- ClassName: 'EDIT' WindowName: ''
- '%APPDATA%\system32\rundll.exe' -p123
- '%APPDATA%\system32\svchost.exe'
- '<SYSTEM32>\cmd.exe' /c ""%APPDATA%\system32\run.bat" "