Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winsrv.exe' = '%APPDATA%\winsrv.exe'
- '<SYSTEM32>\cmd.exe' /c %APPDATA%\winminer.exe -o stratum+tcp://bcn.pool.minergate.com:45550 -u leva.picasso@ex.ua -p x -t 1 -g no
- '<SYSTEM32>\cmd.exe' /c %APPDATA%\winminer.exe -o http://mi####.eligius.st:8337 -u 1D6PPTTjcuBgnixmxYb5nXMtPjixrhnPnt -p x -t 1 -g no
- %APPDATA%\winminer.exe
- %APPDATA%\winsrv.exe
- 'fi####stonline.com':80
- 'wp#d':80
- http://fi####stonline.com/files/25/bitcoin-miner.exe
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK fi####stonline.com
- DNS ASK wp#d