Technical Information
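- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Default' = '%APPDATA%/xMWFE/insidminer.exe' (autorun entry: values under this Run key are launched at user logon, so insidminer.exe is restarted after a reboot)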
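- %APPDATA%\xMWFE\program.exe -I 100 -T 85 -t 4 -o http://ze##############l.com_cviper:sisolele3@pool.50btc.com:8332 (command line used to start program.exe; the URL has the form account:password@host:port, so it appears to carry the login for pool.50btc.com on port 8332)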
- %APPDATA%\xMWFE\program.exe (downloaded from the Internet)
- %APPDATA%\xMWFE\usft_ext.dll
- %APPDATA%\xMWFE\coinutil.dll
- %APPDATA%\xMWFE\insidminer.exe
- %APPDATA%\xMWFE\phatk.ptx
- %APPDATA%\xMWFE\program.exe
- %APPDATA%\xMWFE\miner.dll
- %APPDATA%\xMWFE\phatk.cl
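- '17#.#08.248.50':80 (connection on port 80; the '#' characters appear to be masking applied in the published report, so the address is incomplete and cannot be matched exactly)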
- 'wp#d':80
- 17#.#08.248.50/miner/phatk.ptx
- 17#.#08.248.50/miner/usft_ext.dll
- 17#.#08.248.50/miner/coinutil.dll
- 17#.#08.248.50/miner/phatk.cl
- wp#d/wpad.dat
- 17#.#08.248.50/miner/program.exe
- 17#.#08.248.50/miner/miner.dll
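- DNS ASK wp#d (DNS query for the host named in the wpad.dat request above; a wpad.dat fetch is typical of Windows proxy auto-discovery, so this entry may be system background traffic rather than sample-specific. Verify before using it as an indicator)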