Technical Information
- Autorun entry (registry Run key; the value is launched at user logon): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RegHost' = '%APPDATA%\Microsoft\RegHost.exe'
- %WINDIR%\explorer.exe
- %APPDATA%\microsoft\reghost.exe
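- '18#.#37.234.33':8080 (address digits are masked with '#' in this report, so the value cannot be used as an exact-match indicator as written)
- http://18#.##7.234.33:8080/hs via 18#.#37.234.33 (same masking; the port 8080 and the path /hs are given in full)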
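- Miner command line (the arguments name the pool, wallet, coin and worker; bfsvc.exe in %WINDIR% is also the name of a Windows component, so the arguments identify this activity rather than the path alone): '%WINDIR%\bfsvc.exe' -log 0 -nvdo 1 -pool etc.2miners.com:1010 -wal 0x6543c6DE3751db3645ae1453D8b4181bF015e32f -coin etc -worker Worchik -cclock +500 -cvddc +500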
- '%WINDIR%\explorer.exe' "easyminer_def" "" "EasyMiner" "etc" 1