Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows Security Server' = '<Full path to file>'
- '%APPDATA%\MicroMon\curl.exe' -o pool.minexmr.com:4444 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQskGXnB8t62S8MJCW1 -p x --cpu-affinity 75
- '<Full path to file>'
- '' (downloaded from the Internet)
- %APPDATA%\MicroMon\curl.exe
- '37.##0.116.238':80
- 'wp#d':80
- http://37.##0.116.238/panel/updmr.php
- http://37.##0.116.238/panel/updbt.php
- http://37.##0.116.238/panel/gate.php?ma##########################################################################################################################################################...
- http://11#.#11.111.1/wpad.dat via wp#d
- http://37.##0.116.238/panel/mr/curl.exe
- DNS ASK wp#d