Technical Information
- Autorun registry value (per-user Run key): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WMI Update Service' = '%PROGRAMDATA%\WMI Provider Host\taskshell.exe'
- Service registry entry (driver image path): [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%PROGRAMDATA%\WMI Provider Host\WinRing0x64.sys'
- %PROGRAMDATA%\wmi provider host\taskshell.exe
- %PROGRAMDATA%\wmi provider host\sha256sums
- %PROGRAMDATA%\wmi provider host\winring0x64.dll
- %PROGRAMDATA%\wmi provider host\config.json
- %PROGRAMDATA%\wmi provider host\taskshell.exe
- %PROGRAMDATA%\wmi provider host\sha256sums
- %PROGRAMDATA%\wmi provider host\config.json
- %PROGRAMDATA%\wmi provider host\winring0x64.dll
- Network endpoint (host:port, host name partially masked in the source): 'xm#.###l.minergate.com':45700
- DNS query (ASK): xm#.###l.minergate.com
- '%PROGRAMDATA%\wmi provider host\taskshell.exe'