Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '*nix Service Application' = '"%APPDATA%\servapp.exe"'
- '%APPDATA%\servapp.exe' (2del[<Full path to file>])
- '%APPDATA%\servapp.exe' (2del[<Full path to file>])
- servapp.exe
- %APPDATA%\servapp.exe
- 'o0##coin.us':80
- 'ap#.#pify.org':443
- 'wp#d':80
- http://11#.#11.111.1/wpad.dat via wp#d
- http://o0##coin.us/ttt/gate.php
- DNS ASK o0##coin.us
- DNS ASK ap#.#pify.org
- DNS ASK wp#d