Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'BLHDPDHLPLHDPDH' = '<SYSTEM32>\system.exe'
- %WINDIR%\syswow64\system.exe
- 'xm#.###l.minergate.com':45700
- DNS ASK xm#.###l.minergate.com
- '%WINDIR%\syswow64\system.exe' -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45700 -u shoberik@mail.ru -t 1
- '%WINDIR%\syswow64\system.exe' -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45700 -u shoberik@mail.ru -t 1 (with hidden window)