Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'FKrASuwdij' = '"<LS_APPDATA>\pCFRvNwHIB\svchosth.exe"'
- '<SYSTEM32>\svchost.exe' -o xmr.pool.minergate.com:45560 -u crsgianluca@gmail.com -p Diocane91 -v 0 -t 2
- <SYSTEM32>\svchost.exe
- <LS_APPDATA>\pCFRvNwHIB\svchosth.exe
- 'xm#.###l.minergate.com':45560
- 'localhost':8080
- DNS ASK xm#.###l.minergate.com