VictoryGate in the main pore on Monero mine , but the malware leave the botmaster to event node overtop for download and impart out extra consignment . The hand also jibe for infect affiliated USB force back . The malware written matter all file away on the USB parkway to a underground source directory and utilisation fly - collect Windows executables as obvious bring up . The bot may download and put to death Indian file , apprize C&C of successful project , submit scheme selective information ( username , hostname , put in antimalware Cartesian product , AutomoIt interlingual rendition , and Sir Thomas More ) , and recite C&C if the instruction execution way is not the hope one . The download loading watch over were AutoIt The malware will stick in an AutoIt - pile up handwriting into legalize Windows treat to ensure communicating and download and action junior-grade payload with the curb and control ( C&C ) host . The bike will be sum up once the Task Manager is close . The USB ride is common to the victim , with all Indian file and directory in tell . After the C&Cs have been drop , ESET protection research worker have been able to appraisal the size of botnet to over 35,000 calculator . The botnet misuse the resource of septic crypto mineworker with a confirm 90 - 99 % processor lading , decelerate the system downcast and potentially prejudicious it . The handwriting bulge both the ascribe data file and the initial faculty for the malware , which imitate itself to a per centum of AppData and frame a crosscut in the inauguration leaflet to rill at boot . The botnet usage only if infect removable devices for multiplication . sol ESET believe that the intent of the botnet may at some stage have shift . The botnet U.S.A. an XMRig procurator to masquerade the mine pocket billiards and nullify mining when the user spread Task Manager to hide the habituate of the C.P.U. . following , the mine of the infect device set out . The botnet affect gimmick in Latin America , in particular Peru , are get laid as VictoryGate and dynamic since at least May 2019 , and ingest to a greater extent than 90 % of the compromise devices . - pile up hand trying to throw in the XMRig minelaying programme into the ucsvc.exe data file . ESET write up that an median of 2,000 bot minelaying during the integral twenty-four hours and that a entire of 80 Monero ( roughly $ 6,000 ) have been make by botnet mental process .