Trojan.nscpucnminer
*file
c:\users\{USERNAME}\appdata\roaming\nscpucnminer\pools.txt
c:\users\{USERNAME}\appdata\roaming\nscpucnminer\nscpucnminer64.exe
c:\users\{USERNAME}\appdata\roaming\nscpucnminer\nscpucnminer32.exe
c:\users\{USERNAME}\appdata\roaming\microsoft\windows\start menu\programs\startup\run.lnk
c:\users\{USERNAME}\appdata\roaming\snappy\snappy.exe
c:\users\{USERNAME}\desktop\snappy.lnk
c:\users\{USERNAME}\appdata\roaming\nsminer\img001.exe
c:\users\{USERNAME}\appdata\roaming\nsminer\img002.exe
c:\users\{USERNAME}\appdata\roaming\nsminer\nscpucnminer32.exe
c:\users\{USERNAME}\appdata\roaming\nsminer\pools.txt
*reg_val
HKCU\software\microsoft\windows\currentversion\run:c:\users\{USERNAME}\appdata\roaming\nscpucnminer\img001.exe
*reg_key
HKCU\software\bifrost
HKCU\software\snappy