Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AppVContainer' = '<Full path to file>'
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%LOCALAPPDATA%\BitLocker\WinRing0x64.sys'
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %LOCALAPPDATA%\bitlocker\bitlockerservice.exe
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK ap#.#pify.org
- DNS ASK po##.#ashvault.pro
- '%LOCALAPPDATA%\bitlocker\bitlockerservice.exe' --cpu-affinity 0xf --donate-level=1 --coin=monero -o pool.hashvault.pro:80 -u 48q18j6uQXLWUaCP2zbyzNK5g26Q4mcLPXFeUMxufU6Y8hGrLM8Bho2MAbV1mxHKYZjDBtR5kuZu14Gk5qiHC3yQPhiMPwe -p 95.211.190.197
- '%LOCALAPPDATA%\bitlocker\bitlockerservice.exe' --cpu-affinity 0xf --donate-level=1 --coin=monero -o pool.hashvault.pro:80 -u 48q18j6uQXLWUaCP2zbyzNK5g26Q4mcLPXFeUMxufU6Y8hGrLM8Bho2MAbV1mxHKYZjDBtR5kuZu14Gk5qiHC3yQPhiMPwe -p 95.211.190.197 (with hidden window)