The botnet, which affects devices in Latin America, particularly Peru, is known as VictoryGate and has been active since at least May 2019; Peru accounts for more than 90% of the compromised devices. The botnet propagates only through infected removable drives. The malware copies all files on the USB drive into a hidden directory in the root of the drive and uses AutoIt-compiled Windows executables as apparent namesakes for them. The script opens both the intended file and the initial module of the malware, which copies itself to a folder under AppData and sets up a shortcut in the startup folder so that it runs at boot. The USB drive looks normal to the victim, with all files and directories in order.

The malware injects an AutoIt-compiled script into legitimate Windows processes to handle communication with the command and control (C&C) server and to download and execute secondary payloads. The script also checks for connected USB drives to infect. The downloaded payloads found were AutoIt-compiled scripts that attempt to inject the XMRig mining software into the ucsvc.exe process. Next, mining on the infected device begins. The botnet uses an XMRig proxy to hide the mining pool and stops mining when the user opens Task Manager to check CPU usage; mining resumes once Task Manager is closed. The bot can also download and execute files, notify the C&C of completed tasks, submit system information (username, hostname, installed antimalware product, AutoIt version, and more), and tell the C&C if the execution path is not the expected one.

VictoryGate is principally focused on Monero mining, but the malware allows the botmaster to issue commands to the nodes to download and execute additional payloads, so ESET believes the intent of the botnet may at some point have changed. The botnet abuses the resources of infected machines with a sustained 90-99% CPU load, slowing the system down and potentially damaging it. After the C&C servers were sinkholed, ESET security researchers were able to estimate the size of the botnet at over 35,000 computers. ESET reports that an average of 2,000 bots mine throughout the day and that a total of 80 Monero (about $6,000) has been earned by the botnet operation.
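As an added defender-side illustration (not code from the article or from ESET), the check below looks for the USB propagation pattern described above: original entries moved into a hidden top-level directory and replaced in the drive root by same-named .exe decoys. The listing format, the hidden-directory name and the sample drive contents are constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Entry:
    path: str      # path relative to the drive root, "/" separated (constructed format)
    is_dir: bool
    hidden: bool   # hidden attribute as reported by the filesystem


def find_usb_decoys(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (decoy_exe, original_entry) pairs found on one drive listing.

    A decoy is an .exe sitting in the drive root whose name, minus ".exe",
    equals the full name of an entry (file or folder) that now lives directly
    inside a hidden top-level directory, e.g. report.pdf.exe next to
    <hidden>/report.pdf.  Returns [] when nothing matches.
    """
    hidden_dirs = {e.path for e in entries if e.is_dir and e.hidden and "/" not in e.path}
    if not hidden_dirs:
        return []
    # Map lower-cased original names to their hidden location.
    originals: Dict[str, str] = {}
    for e in entries:
        head, _, name = e.path.rpartition("/")
        if head in hidden_dirs:
            originals[name.lower()] = e.path
    decoys: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir or "/" in e.path or not e.path.lower().endswith(".exe"):
            continue
        stem = e.path[:-4].lower()
        if stem in originals:
            decoys.append((e.path, originals[stem]))
    return sorted(decoys)


# Constructed sample listing of a removable drive after infection.
SAMPLE_DRIVE = [
    Entry("System Volume Information", True, True),  # normal hidden Windows folder
    Entry("_", True, True),                           # constructed hidden root directory
    Entry("_/report.pdf", False, False),              # real document moved here
    Entry("_/photos", True, False),                   # real folder moved here
    Entry("report.pdf.exe", False, False),            # decoy for the document
    Entry("photos.exe", False, False),                # decoy for the folder
    Entry("setup.exe", False, False),                 # unrelated executable, not flagged
]

if __name__ == "__main__":
    for decoy, original in find_usb_decoys(SAMPLE_DRIVE):
        print(f"decoy {decoy} shadows {original}")
```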