Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Abcdef Hijklmno Qrs] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Abcdef Hijklmno Qrs] 'ImagePath' = '%WINDIR%\eiwuiw.exe'
- %WINDIR%\eiwuiw.exe
- '45.##5.237.3':8080
- http://45.###.237.3:280/xmrig64.exe via 45.##5.237.3
- '%WINDIR%\eiwuiw.exe'