Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Python3' = '<Full path to file>'
- C:\$RECYCLE.EXE.JPG\Filename
- <Full path to file>
- '47.##4.110.131':88
- 'po##.minexmr.cn':8888
- DNS ASK po##.minexmr.cn
- '<SYSTEM32>\schtasks.exe' /create /sc minute /tn "pyngxmr" /tr <Full path to file> /f
- '<SYSTEM32>\schtasks.exe' schtasks /create /sc minute /mo 5 /tn "NOD32" /tr <Full path to file> /f