Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'CWiwTo.exe' = '%WINDIR%\CWiwTo.exe'
- cwiwto.exe
- %WINDIR%\cwiwto.exe
- %WINDIR%\msvcp140.dll
- %WINDIR%\nvrtc64_92.dll
- %WINDIR%\nvrtc-builtins64_92.dll
- %WINDIR%\opencl.dll
- %WINDIR%\vcruntime140.dll
- http://xm####rvices.com/&2.txt
- http://xm####rvices.com/&3.txt
- http://xm####rvices.com/&4.txt
- http://xm####rvices.com/&5.txt
- http://xm####rvices.com/&6.txt
- http://xm####rvices.com/&0.txt
- http://xm####rvices.com/&1.txt
- DNS ASK xm####rvices.com
- DNS ASK mi###gate.com
- DNS ASK xm#.###l.minergate.com
- '%WINDIR%\cwiwto.exe'
- '%WINDIR%\cwiwto.exe' -u 91qctt2f77kfkyn --xmr 1
- '<SYSTEM32>\cmd.exe' /c "systeminfo "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "systeminfo "
- '<SYSTEM32>\systeminfo.exe'