Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'SogouComMgrs' = '<Full path to file>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SogouComMgrs' = '<Full path to file>'
- [<HKLM>\SYSTEM\ControlSet001\Services\pwgte77807049736] 'ImagePath' = '%TEMP%\HFD5Inx.sys'
- <SYSTEM32>\wbem\wmiprvse.exe
- NtOpenProcess, handler: HFD5Inx.sys
- %TEMP%\HFD5Inx.sys
- '17#.#3.48.196':443
- '<SYSTEM32>\wbem\wmiprvse.exe' -a cryptonight -o stratum+tcp://178.63.48.196:443 -u 49UFtcDaDaMVC2f1SDkivEgUiAU4pB4B1XPqa96oxTXyF9fp7GvydE8RnUexLYQYobWaoe8iA6Tur9JACrH2vtCR44ZGA9G -p x -k --donate-level=1