Technical Information
- %WINDIR%\notepad.exe
- iexplore.exe
- %PROGRAMDATA%\tdgbelwhna\cfgi
- %PROGRAMDATA%\tdgbelwhna\cfg
- %PROGRAMDATA%\tdgbelwhna\file3
- %PROGRAMDATA%\tdgbelwhna\r.vbs
- %PROGRAMDATA%\tdgbelwhna\r.vbs
- file moved from %PROGRAMDATA%\tdgbelwhna\file3 to %PROGRAMDATA%\tdgbelwhna\file3.exe
- %PROGRAMDATA%\tdgbelwhna\r.vbs
- 'us#####.###domx-hub.miningpoolhub.com':20580
- DNS ASK us#####.###domx-hub.miningpoolhub.com
- '%WINDIR%\notepad.exe' -c "%PROGRAMDATA%\TdGBELWhna\cfg"
- '%WINDIR%\syswow64\cmd.exe' /C WScript "%PROGRAMDATA%\TdGBELWhna\r.vbs"
- '%WINDIR%\syswow64\wscript.exe' "%PROGRAMDATA%\TdGBELWhna\r.vbs"