Trojan.winrule
*file
C:\Program Files\winrule\Uninstall.exe
C:\Program Files\winrule\WinRule.exe
C:\Program Files\winrule\WinRuleSync.exe
C:\Program Files\winrule\WinRuleSync_.exe
C:\Program Files\winrule\winruletask.exe
C:\Program Files\winrule\winruletask_.exe
C:\Program Files\winrule\WinRule_.exe
*reg_key
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Window Rules Manager
HKLM\SOFTWARE\okwinrule
HKLM\SYSTEM\CurrentControlSet\Services\WinRuleSvc
HKLM\SYSTEM\CurrentControlSet\Services\WinRuleSvc2
Trojan. BitCoinMiner
*file
c:\users\{USERNAME}\appdata\roaming\nscpucnminer\pools.txt
c:\users\{USERNAME}\appdata\roaming\nscpucnminer\nscpucnminer64.exe
c:\users\{USERNAME}\appdata\roaming\nscpucnminer\nscpucnminer32.exe
c:\users\{USERNAME}\appdata\roaming\img001.exe
c:\users\{USERNAME}\appdata\roaming\snappy\snappy.exe
c:\users\{USERNAME}\appdata\roaming\nsminer\img001.exe
c:\users\{USERNAME}\appdata\roaming\nsminer\img002.exe
c:\users\{USERNAME}\appdata\roaming\nsminer\nscpucnminer32.exe
c:\users\{USERNAME}\appdata\roaming\nsminer\pools.txt
*reg_key
HKCU\SOFTWARE\bifrost
HKCU\SOFTWARE\snappy
*reg_val
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\run | c:\users\{USERNAME}\appdata\roaming\nscpucnminer\img001.exe