Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RegHost' = '%APPDATA%\Microsoft\RegHost.exe'
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%WINDIR%\WinRing0x64.sys'
- 'WinRing0_1_2_0' %WINDIR%\WinRing0x64.sys
- %WINDIR%\explorer.exe
- %APPDATA%\microsoft\reghost.exe
- '18#.#37.234.33':8080
- 'xm#####.nanopool.org':14444
- http://18#.##7.234.33:8080/hs via 18#.#37.234.33
- 'xm#####.nanopool.org':14444
- DNS ASK xm#####.nanopool.org
- '%WINDIR%\bfsvc.exe' --algo ETCHASH --pool eu1-etc.ethermine.org:4444 --user 0xDE52C43Eff74263429627E5134c722e966cC16D0 --worker FULL4S --dualmode TONDUAL --dualpool wss://pplns.toncoinpool.io/stratum --dualuser EQ...
- '%WINDIR%\notepad.exe' --coin=XMR -o xmr-eu1.nanopool.org:14444 -u 48R9fg8qgm5CYHt96ukfsq88zt2w9KHYGMdHUvsFYBZs1W5hw2kqzsvQBERx92uWsNBcvG7Laqu6yb47NSmqzYWRHjvaFAG -p FULL4S
- '%WINDIR%\explorer.exe' "easyminer_def" "" "RedFullWork" "etc"