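Technical Information
The entries below are listed without their section labels, which appear to have been lost from this copy. In order they are: an autorun value under the per-user Run registry key, file-system paths, network endpoints (one connection and one DNS query, hostname partly masked with '#'), and process command lines.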
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Intel(R)Management' = '%ALLUSERSPROFILE%\Intel(R) Management\intelsetup.exe'
- %ALLUSERSPROFILE%\intelsetup.exe
- %ALLUSERSPROFILE%\intel(r) management\intelsetup.exe
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %ALLUSERSPROFILE%\intel(r) management\run.exe
- %ALLUSERSPROFILE%\intel(r) management\intelservice.exe
- %TEMP%\6190.tmp\6191.bat
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- 'xm#.###l.minergate.com':45560
- DNS ASK xm#.###l.minergate.com
- '%ALLUSERSPROFILE%\intelsetup.exe'
- '%ALLUSERSPROFILE%\intel(r) management\run.exe'
- '%ALLUSERSPROFILE%\intel(r) management\intelservice.exe' -a cryptonight -o stratum+tcp://xmr.pool.minergate.com:45560 -u smirnova-357@mail.ru -t 2
- '%ALLUSERSPROFILE%\intel(r) management\run.exe' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\6190.tmp\6191.bat "%ALLUSERSPROFILE%\Intel(R) Management\run.exe"" (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\6190.tmp\6191.bat "%ALLUSERSPROFILE%\Intel(R) Management\run.exe""