Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs] 'ntdll' = 'ntdll.dll'
- <SYSTEM32>\svchost.exe
- %ALLUSERSPROFILE%\application data\bxvabwvjrn\cfgi
- %ALLUSERSPROFILE%\application data\bxvabwvjrn\cfg
- %HOMEPATH%\wksprt\supercpuchecker.exe
- 'su######er.newminersage.com':9556
- DNS ASK su######er.newminersage.com
- '<SYSTEM32>\schtasks.exe' /create /tn ie4uinit /tr "%HOMEPATH%\wksprt\supercpuchecker.exe" /sc minute /mo 1 /F (with hidden window)
- '<SYSTEM32>\svchost.exe' -c "%ALLUSERSPROFILE%\Application Data\bXvaBWVJrN\cfg"
- '<SYSTEM32>\schtasks.exe' /create /tn ie4uinit /tr "%HOMEPATH%\wksprt\supercpuchecker.exe" /sc minute /mo 1 /F