Beware of cryptocurrency mining malware disguised as a 'copyright infringement image use confirmation' email

2018-01-18 ESTSecurity Beware of virtual currency mining malware disguised as a ‘copyright infringement image use confirmation email'

http://blog.alyac.co.kr/1498


ESTsecurity describes Venus Locker operators distributing email lures framed as copyright-law complaints to push malware with Monero mining functionality. The attached EGG archive contained shortcut files and an executable; running a shortcut launched the .NET malware laptop.exe instead of simply showing the alleged image evidence. The malware wrote a copy of itself to disk and injected it, persisted through a Run key under the user profile, and injected into system processes such as wuapp.exe, svchost.exe, notepad.exe, or explorer.exe depending on the operating system architecture. The mining command connected to xmr.pool.minergate.com on port 45560 using a Proton Mail address as the miner account. The report matters as an example of socially engineered email attachments that combine familiar legal-pressure lures with commodity cryptocurrency-mining payloads.
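The two observables the summary gives a defender, a mining-pool connection from a system process and a Run-key entry pointing into the user profile, as a detection check over constructed Sysmon-style events. This is an added example, not code from ESTsecurity or the report; the event field names, the HKU SID-style key path and the sample paths are assumptions, and the indicator values are the ones the report names.

```python
import re

# Constructed sample events modelled on Sysmon EventID 3 (network connection)
# and EventID 13 (registry value set). Values are illustrative, not captured data.
SAMPLE_EVENTS = [
    {"id": 3, "image": r"C:\Windows\System32\wuapp.exe",
     "dest_host": "xmr.pool.minergate.com", "dest_port": 45560},
    {"id": 3, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "example.com", "dest_port": 443},
    {"id": 13, "image": r"C:\Users\victim\AppData\Local\Temp\laptop.exe",
     "target": r"HKU\S-1-5-21-111\Software\Microsoft\Windows\CurrentVersion\Run\laptop",
     "details": r"C:\Users\victim\AppData\Roaming\laptop.exe"},
    {"id": 13, "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "details": r"C:\Program Files\Vendor\agent.exe"},
]

MINING_POOL_HOSTS = {"xmr.pool.minergate.com"}   # domain from the report's IoC table
MINING_POOL_PORTS = {45560}                       # port named in the report
# System binaries the report lists as injection targets; a mining-pool
# connection from any of these is a strong signal, since none of them should mine.
INJECTION_TARGETS = {"wuapp.exe", "svchost.exe", "notepad.exe", "explorer.exe"}
# Per-user Run key, written either as HKCU or as HKU\<SID> (assumed key forms).
USER_RUN_KEY = re.compile(
    r"^HK(CU|U\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
USER_PROFILE_PATH = re.compile(r"^[A-Z]:\\Users\\", re.I)

def check_event(ev):
    """Return a finding string for a suspicious event, or None if it looks benign."""
    exe = ev["image"].rsplit("\\", 1)[-1].lower()
    if ev["id"] == 3:
        to_pool = (ev["dest_host"].lower() in MINING_POOL_HOSTS
                   or ev["dest_port"] in MINING_POOL_PORTS)
        if to_pool:
            sev = "high" if exe in INJECTION_TARGETS else "medium"
            return f"{sev}: {exe} -> {ev['dest_host']}:{ev['dest_port']} (mining pool)"
    elif ev["id"] == 13:
        # Persistence the report describes: a Run value under the user's hive
        # whose command points into the user profile rather than Program Files.
        if USER_RUN_KEY.match(ev["target"]) and USER_PROFILE_PATH.match(ev["details"]):
            return f"medium: Run key {ev['target']} -> {ev['details']} (user-profile persistence)"
    return None

def scan(events):
    """Run check_event over a list of events and keep only the findings."""
    return [f for f in (check_event(e) for e in events) if f]
```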

Indicators of Compromise

Type    Value                    First Seen   Last Seen
EMAIL   [email protected]        2018-01-15   2018-01-18
DOMAIN  xmr.pool.minergate.com   2018-01-15   2018-01-18
