Technical Information
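- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'updt' = '"%ALLUSERSPROFILE%\esif.exe"' (autorun entry: Windows runs a per-user RunOnce value at that user's next logon and then deletes it, so check whether the value reappears after a reboot)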
- %ALLUSERSPROFILE%\serviceprofiles\cmd.bat
- %ALLUSERSPROFILE%\esif.exe
- nul
- %ALLUSERSPROFILE%\esif.exe
- %ALLUSERSPROFILE%\serviceprofiles\cmd.bat
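- 'xm#.###l.minergate.com':45560 (outbound connection, host:port; the host name is partly masked with '#' in this listing; minergate.com is a cryptocurrency mining pool service, so this is consistent with miner traffic)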
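- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt (Microsoft root-certificate download URL; Windows itself commonly makes such requests while validating a certificate chain, so this is a weak indicator on its own)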
- DNS ASK ip###ger.com (DNS query; the name is partly masked with '#' in this listing)
- DNS ASK microsoft.com
- DNS ASK xm#.###l.minergate.com
- '%ALLUSERSPROFILE%\esif.exe'
- '<SYSTEM32>\cmd.exe' /c ""%ALLUSERSPROFILE%\ServiceProfiles\cmd.bat" "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""%ALLUSERSPROFILE%\ServiceProfiles\cmd.bat" "
- '<SYSTEM32>\tasklist.exe'
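- '<SYSTEM32>\findstr.exe' /B /L /I /C:esif.exe (case-insensitive literal match for esif.exe at the start of a line; presumably applied to the tasklist output to test whether the process is running)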
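- '<SYSTEM32>\ping.exe' -n 1 -w 100 192.168.254.254 (one echo request with a 100 ms timeout to a private address; in batch files this pattern is usually a short delay rather than a network check. This is inferred, as the contents of cmd.bat are not shown)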