https://github.com/nicehash/NiceHashMinerLegacy/issues/555Very interesting discovery
OK - I was surprised to see that NiceHashMiner queiries the registry about 60 THOUSAND times a minute! Some of the query types might be worrying - e.g. it has a mailto check, and it searches all the private certificate locations e.g. Root and CA.
Considering there is full NHM Legacy source available on GitHub, just point out which part of the code is malicious. Until then, I suggest you to study more about computer tech so you will be able to better understand what, when and why is needed for software to properly work.