Technical Information
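- Autorun (persistence) registry value, set under the per-user RunOnce key and pointing at the dropped executable: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'aPmFeuMRgn' = '"<LS_APPDATA>\vGpCJziLEf\windrv.exe"'
  Note: Windows deletes a RunOnce value when it runs it, so the value may be missing on a live host between logons. Check for the target file as well as the registry value.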
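- Process command line observed: '<SYSTEM32>\svchost.exe' -a cryptonight -o stratum+tcp://monerohash.com:3333 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQni58KYZqH43YSDeqY -p x -t 2
  Note: these are cryptocurrency-miner options, not svchost.exe options. They give the algorithm (-a cryptonight), a Stratum pool URL (-o), the pool user name (-u) and password (-p), and, in cpuminer-style miners, the thread count (-t). The genuine svchost.exe is started by the Service Control Manager with a -k <group> argument, so a svchost.exe process carrying this command line indicates miner code running under the system binary's name. The report line alone does not show how the code got there.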
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\vGpCJziLEf\windrv.exe (the same file that the RunOnce value listed above launches)
- ClassName: 'Shell_TrayWnd' WindowName: ''