Technical Information
- Persistence via the per-user Run key (the value is launched at each logon of that user): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Startup' = '%APPDATA%\Mining\Dakaveli.exe'
- '%APPDATA%\Mining\coin-miner.exe' /pid=7584
- '%APPDATA%\Mining\coin-miner.exe' /pid=7384
- '%APPDATA%\Mining\coin-miner.exe' /pid=7724
- '%APPDATA%\Mining\coin-miner.exe' /pid=7824
- '%APPDATA%\Mining\coin-miner.exe' /pid=7304
- '%APPDATA%\Mining\coin-miner.exe' /pid=7024
- '%APPDATA%\Mining\coin-miner.exe' /pid=7300
- '%APPDATA%\Mining\coin-miner.exe' /pid=7144
- '%APPDATA%\Mining\coin-miner.exe' /pid=7944
- '%APPDATA%\Mining\coin-miner.exe' /pid=4892
- '%APPDATA%\Mining\coin-miner.exe' /pid=6204
- '%APPDATA%\Mining\coin-miner.exe' /pid=2576
- '%APPDATA%\Mining\coin-miner.exe' /pid=6208
- '%APPDATA%\Mining\coin-miner.exe' /pid=8164
- '%APPDATA%\Mining\coin-miner.exe' /pid=7984
- '%APPDATA%\Mining\coin-miner.exe' /pid=8180
- '%APPDATA%\Mining\coin-miner.exe' /pid=8104
- '%APPDATA%\Mining\coin-miner.exe' /pid=6228
- '%APPDATA%\Mining\coin-miner.exe' /pid=176
- '%APPDATA%\Mining\coin-miner.exe' /pid=6184
- '%APPDATA%\Mining\coin-miner.exe' /pid=4992
- '%APPDATA%\Mining\coin-miner.exe' /pid=8184
- '%APPDATA%\Mining\coin-miner.exe' /pid=6140
- '%APPDATA%\Mining\coin-miner.exe' /pid=2528
- '%APPDATA%\Mining\coin-miner.exe' /pid=4884
- '%APPDATA%\Mining\coin-miner.exe' /pid=6344
- '%APPDATA%\Mining\coin-miner.exe' /pid=6780
- '%APPDATA%\Mining\coin-miner.exe' /pid=6684
- '%APPDATA%\Mining\coin-miner.exe' /pid=6940
- '%APPDATA%\Mining\coin-miner.exe' /pid=6844
- '%APPDATA%\Mining\coin-miner.exe' /pid=6400
- '%APPDATA%\Mining\coin-miner.exe' /pid=6404
- '%APPDATA%\Mining\coin-miner.exe' /pid=6600
- '%APPDATA%\Mining\coin-miner.exe' /pid=6604
- '%APPDATA%\Mining\coin-miner.exe' /pid=6860
- '%APPDATA%\Mining\coin-miner.exe' /pid=6820
- '%APPDATA%\Mining\coin-miner.exe' /pid=7644
- '%APPDATA%\Mining\coin-miner.exe' /pid=7228
- '%APPDATA%\Mining\coin-miner.exe' /pid=6288
- '%APPDATA%\Mining\coin-miner.exe' /pid=6384
- '%APPDATA%\Mining\coin-miner.exe' /pid=6568
- '%APPDATA%\Mining\coin-miner.exe' /pid=6668
- '%APPDATA%\Mining\coin-miner.exe' /pid=7468
- '%APPDATA%\Mining\coin-miner.exe' /pid=5724
- '%APPDATA%\Mining\coin-miner.exe' /pid=6224
- '%APPDATA%\Mining\coin-miner.exe' /pid=6268
- '%APPDATA%\Mining\coin-miner.exe' /pid=6420
- '%APPDATA%\Mining\coin-miner.exe' /pid=7180
- '%APPDATA%\Mining\coin-miner.exe' /pid=7700
- '%APPDATA%\Mining\coin-miner.exe' /pid=8100
- '%APPDATA%\Mining\coin-miner.exe' /pid=7968
- '%APPDATA%\Mining\coin-miner.exe' /pid=7064
- '%APPDATA%\Mining\coin-miner.exe' /pid=7048
- '%APPDATA%\Mining\coin-miner.exe' /pid=7308
- '%APPDATA%\Mining\coin-miner.exe' /pid=7564
- '%APPDATA%\Mining\coin-miner.exe' /pid=6320
- '%APPDATA%\Mining\coin-miner.exe' /pid=6468
- '%APPDATA%\Mining\coin-miner.exe' /pid=7100
- '%APPDATA%\Mining\coin-miner.exe' /pid=6548
- '%APPDATA%\Mining\coin-miner.exe' /pid=7368
- '%APPDATA%\Mining\coin-miner.exe' /pid=3940
- '%APPDATA%\Mining\coin-miner.exe' /pid=8108
- '%APPDATA%\Mining\coin-miner.exe' /pid=8160
- '%APPDATA%\Mining\coin-miner.exe' /pid=8064
- '%APPDATA%\Mining\coin-miner.exe' /pid=7440
- '%APPDATA%\Mining\coin-miner.exe' /pid=7280
- '%APPDATA%\Mining\coin-miner.exe' /pid=8000
- '%APPDATA%\Mining\coin-miner.exe' /pid=7888
- '%APPDATA%\Mining\coin-miner.exe' /pid=2868
- '%APPDATA%\Mining\coin-miner.exe' /pid=4812
- '%APPDATA%\Mining\coin-miner.exe' /pid=5712
- '%APPDATA%\Mining\coin-miner.exe' /pid=6072
- '%APPDATA%\Mining\coin-miner.exe' /pid=5432
- '%APPDATA%\Mining\coin-miner.exe' /pid=5344
- '%APPDATA%\Mining\coin-miner.exe' /pid=4440
- '%APPDATA%\Mining\coin-miner.exe' /pid=5444
- '%APPDATA%\Mining\coin-miner.exe' /pid=6044
- '%APPDATA%\Mining\coin-miner.exe' /pid=3340
- '%APPDATA%\Mining\coin-miner.exe' /pid=3120
- '%APPDATA%\Mining\coin-miner.exe' /pid=1000
- '%APPDATA%\Mining\coin-miner.exe' /pid=3740
- '%APPDATA%\Mining\coin-miner.exe' /pid=4408
- '%APPDATA%\Mining\coin-miner.exe' /pid=5012
- '%APPDATA%\Mining\coin-miner.exe' /pid=3140
- '%APPDATA%\Mining\coin-miner.exe' /pid=3168
- '%APPDATA%\Mining\coin-miner.exe' /pid=3428
- '%APPDATA%\Mining\coin-miner.exe' /pid=5972
- '%APPDATA%\Mining\coin-miner.exe' /pid=5164
- '%APPDATA%\Mining\coin-miner.exe' /pid=4712
- '%APPDATA%\Mining\coin-miner.exe' /pid=5412
- '%APPDATA%\Mining\coin-miner.exe' /pid=2468
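- Miner launch command line (`-a sha256` against a getwork pool URL; the text before `:x@` is the pool login, which appears partly masked with '#'): '%APPDATA%\Mining\coin-miner.exe' -a sha256 -o http://1A################uMWJpmBcS2GyHoB7:x@getwork.mining.eligius.st:8337 -T 83 -l yes -t 2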
- '%APPDATA%\Mining\coin-miner.exe' /pid=756
- '%APPDATA%\Mining\coin-miner.exe' /pid=1092
- '%APPDATA%\Mining\coin-miner.exe' /pid=564
- '%APPDATA%\Mining\coin-miner.exe' /pid=3040
- '%APPDATA%\Mining\coin-miner.exe' /pid=3920
- '%APPDATA%\Mining\coin-miner.exe' /pid=3100
- '%APPDATA%\Mining\coin-miner.exe' /pid=3748
- '%APPDATA%\Mining\coin-miner.exe' /pid=488
- '%APPDATA%\Mining\coin-miner.exe' /pid=4348
- '%APPDATA%\Mining\coin-miner.exe' /pid=5332
- '%APPDATA%\Mining\coin-miner.exe' /pid=5364
- '%APPDATA%\Mining\coin-miner.exe' /pid=5512
- '%APPDATA%\Mining\coin-miner.exe' /pid=2436
- '%APPDATA%\Mining\coin-miner.exe' /pid=4944
- '%APPDATA%\Mining\coin-miner.exe' /pid=4360
- '%APPDATA%\Mining\coin-miner.exe' /pid=6132
- '%APPDATA%\Mining\coin-miner.exe' /pid=5064
- '%APPDATA%\Mining\coin-miner.exe' /pid=3620
- '%APPDATA%\Mining\coin-miner.exe' /pid=2628
- '%APPDATA%\Mining\coin-miner.exe' /pid=3368
- '%APPDATA%\Mining\coin-miner.exe' /pid=5144
- '%APPDATA%\Mining\coin-miner.exe' /pid=3648
- '%APPDATA%\Mining\coin-miner.exe' /pid=5864
- '%APPDATA%\Mining\coin-miner.exe' /pid=3020
- '%APPDATA%\Mining\coin-miner.exe' /pid=3328
- '%APPDATA%\Mining\coin-miner.exe' /pid=1172
- '%APPDATA%\Mining\coin-miner.exe' /pid=5744
- '%APPDATA%\Mining\coin-miner.exe' /pid=4984
- '%APPDATA%\Mining\coin-miner.exe' /pid=5392
- '%APPDATA%\Mining\coin-miner.exe' /pid=5624
- '%APPDATA%\Mining\coin-miner.exe' /pid=4248
- '%APPDATA%\Mining\coin-miner.exe' /pid=4228
- '%APPDATA%\Mining\coin-miner.exe' /pid=4544
- '%APPDATA%\Mining\coin-miner.exe' /pid=4864
- '%APPDATA%\Mining\coin-miner.exe' /pid=5424
- '%APPDATA%\Mining\coin-miner.exe' /pid=5824
- '%APPDATA%\Mining\coin-miner.exe' /pid=2648
- '%APPDATA%\Mining\coin-miner.exe' /pid=2920
- '%APPDATA%\Mining\coin-miner.exe' /pid=2940
- '%APPDATA%\Mining\coin-miner.exe' /pid=2736
- '%APPDATA%\Mining\coin-miner.exe' /pid=4128
- '%APPDATA%\Mining\coin-miner.exe' /pid=5212
- '%APPDATA%\Mining\coin-miner.exe' /pid=3320
- '%APPDATA%\Mining\coin-miner.exe' /pid=5832
- '%APPDATA%\Mining\coin-miner.exe' (downloaded from the Internet)
- %APPDATA%\Mining\coin-miner.exe
- The sample's own file, from <Full path to virus> to %APPDATA%\Mining\Dakaveli.exe (the same path that is registered under the Run key above)
- '19#.#3.167.160':80
- 'wp#d':80
- 19#.#3.167.160/sil1001/UFA.exe
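- wp#d/wpad.dat (a wpad.dat request is typical of Windows proxy auto-discovery and may come from the host rather than from the miner; confirm before treating it as an indicator)
- DNS query: wp#d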
- ClassName: 'Indicator' WindowName: '(null)'