Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ntoskrnl.exe' = '%TEMP%\ntoskrnl.exe'
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %TEMP%\ntoskrnl.exe
- 'xm#####.nanopool.org':14444
- DNS ASK xm#####.nanopool.org
- '%TEMP%\ntoskrnl.exe'
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe' -B --donate-level=0 -t 1 -a cryptonight --url=xmr-eu1.nanopool.org:14444 -u 4AwPTqEMSFL2HRhJTMScyNLssTrW97VPs1gFnSPuaEZiDnQqFQGQtxqQJNdEMZim4nYVZihfzU8QqRFBwJZqeL5aRBwHKDR.yomi -p x -R --varian...