Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Command Process' = '%WINDIR%\<File name>.exe'
- '' (downloaded from the Internet)
- %WINDIR%\<File name>.exe
- %ALLUSERSPROFILE%\Application Data\Windows\logs\cache\logs\winidler.exe
- 'dl.#420.me':80
- http://dl.#420.me/api/host/winidler.exe
- DNS ASK dl.#420.me
- '%ALLUSERSPROFILE%\Application Data\Windows\logs\cache\logs\winidler.exe' --nicehash -o p1.x420.me:3333 -p x --max-cpu-usage=100 --donate-level=1 -B -uCRNJEUFUX86