Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Security Server' = '<Full path to file>'
- '%APPDATA%\MicroMon\curl.exe' -o pool.minexmr.com:4444 -u 48dy2TwVwJhMUp6MMxKtaZMzT5vF6vHXsdQ8kaQ6fbnqdxRCLJN88q6Dyhpmz5uP6m3UoKcNFhwjMCvyM2WfMwZTJmgZQhi -p x
- '%APPDATA%\MicroMon\curl.exe' (downloaded from the Internet)
- %APPDATA%\MicroMon\curl.exe
- 'bi##nex.co':80
- 'wp#d':80
- http://bi##nex.co/images/curl.exe
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK bi##nex.co
- DNS ASK wp#d