Ran this on a fresh laptop under ap-isolation.
The file copies itself to %appdata% and then sends a single packet to a TCP port on this host: furrycoat2.no-ip.biz (99.61.161.210).
Then it sits listening on port 1640.
I made a dummy %appdata%/bitcoin/wallet.dat file with the word "fuckyou" in it, and it doesn't seem to have been touched.
So this would only affect individuals who have localized bitcoin wallets running on their machines?
Would it intercept the coin between nodes?
Are cloud-based wallets affected at all?
I just got the same PM from you, cryptograd. Watch out.