Cryptomining malware is one of the most common threats to enterprise systems. The sophistication of cryptominers has grown over the years, incorporating attack vectors and techniques such as fileless execution, run-time compilation and reflective code injection. The malware arrived as an encoded script that, when executed, set up a scheduled task to run at system startup and launch a second encoded PowerShell command. Once loaded, the cryptominer initiates communications with a series of Tor nodes, which likely serve as anonymizing proxies in order to hide the real location of mining pools.
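The persistence chain described above (a scheduled task whose action is an encoded PowerShell command that in turn launches a second encoded PowerShell command) leaves a recognisable trace in scheduled-task creation telemetry: a `-EncodedCommand` argument whose base64 payload decodes to yet another `-EncodedCommand`. The following is an added detection example, not code from the article or from the malware it describes. It decodes `-EncodedCommand` payloads the way PowerShell does (base64 over UTF-16LE), follows nested stages, and grades each task command line. The sample command lines, stage strings and the `Finding` severity scale are constructed for the example; the switch abbreviations (`-e`, `-enc`, `-W Hidden`, `-ep bypass`) are real PowerShell parameter prefixes.

```python
import base64
import binascii
import re
from dataclasses import dataclass, field
from typing import List, Optional

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -en, -enc, ...).
# -ExecutionPolicy does not match because 'x' follows the 'e'.
ENCODED_SWITCH = re.compile(r"(?i)(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{8,})")
HIDDEN_WINDOW = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")
POLICY_BYPASS = re.compile(r"(?i)-e(?:p|x[a-z]*)?\s+bypass")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if absent or undecodable."""
    match = ENCODED_SWITCH.search(cmdline)
    if not match:
        return None
    try:
        raw = base64.b64decode(match.group(1), validate=True)
        return raw.decode("utf-16-le")  # PowerShell encodes the script as UTF-16LE
    except (binascii.Error, UnicodeDecodeError):
        return None


@dataclass
class Finding:
    command: str
    stages: List[str] = field(default_factory=list)  # decoded payloads, outermost first
    hidden_window: bool = False
    policy_bypass: bool = False

    @property
    def nested_encoded(self) -> bool:
        # An encoded command that itself launches another encoded command.
        return len(self.stages) >= 2

    @property
    def severity(self) -> str:
        # Constructed scale for the example: nesting is the strongest signal here.
        if self.nested_encoded:
            return "high"
        if self.stages and (self.hidden_window or self.policy_bypass):
            return "medium"
        if self.stages:
            return "low"
        return "none"


def analyze_task_command(cmdline: str, max_depth: int = 4) -> Finding:
    """Decode encoded PowerShell stages recursively and collect evasion flags from every stage."""
    finding = Finding(command=cmdline)
    current = cmdline
    for _ in range(max_depth):  # bounded so a hostile chain cannot loop forever
        finding.hidden_window |= bool(HIDDEN_WINDOW.search(current))
        finding.policy_bypass |= bool(POLICY_BYPASS.search(current))
        decoded = decode_encoded_command(current)
        if decoded is None:
            break
        finding.stages.append(decoded)
        current = decoded
    return finding


def triage(commands: List[str]) -> List[Finding]:
    """Return only the task command lines that carry an encoded PowerShell payload."""
    return [f for f in (analyze_task_command(c) for c in commands) if f.severity != "none"]


def _encode(script: str) -> str:
    # Builds the constructed samples below with the same encoding PowerShell expects.
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample task actions (not taken from the article). Stage two is a harmless
# placeholder standing in for whatever the second encoded command would contain.
STAGE_TWO = "Write-Output 'constructed stage-two placeholder'"
STAGE_ONE = f"powershell.exe -NoP -W Hidden -EncodedCommand {_encode(STAGE_TWO)}"
SAMPLE_TASK_COMMANDS = [
    r"C:\Windows\System32\svchost.exe -k netsvcs",
    r"powershell.exe -File C:\Scripts\NightlyBackup.ps1",
    f"powershell.exe -ep bypass -e {_encode(STAGE_ONE)}",
    f"powershell.exe -enc {_encode('Get-Date')}",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_TASK_COMMANDS):
        print(f"[{finding.severity}] {finding.command[:60]}...")
        for depth, stage in enumerate(finding.stages, 1):
            print(f"   stage {depth}: {stage[:70]}")
```

In practice the input would be the action command lines from task-creation events (for example Security event 4698 or the TaskScheduler operational log); the logic above only needs the command string, so it can be run over exported telemetry offline. Decoding every stage matters because the outer command usually looks like any other `-EncodedCommand` invocation; it is the second encoded PowerShell layer that distinguishes this pattern.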

