Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'BmZYfYWIKX' = '"<LS_APPDATA>\tpNKfSbgls\NVIDIA~1.EXE"'
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\tpNKfSbgls\nvidiadriverupdate.exe
- 'xm#.###l.minergate.com':45560
- DNS ASK xm#.###l.minergate.com
- '<SYSTEM32>\svchost.exe' -o xmr.pool.minergate.com:45560 -u derfarbstiftabs@tutanota.com -p x -v 0 -t 2