Technical Information
- Persistence through the per-user Run key (executed at each logon of that user): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Startup' = '%APPDATA%\Mining\Kitserver.exe'
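- '%APPDATA%\Mining\coin-miner.exe' /pid=3492 (the number after /pid= differs on every entry in this list and appears specific to this analysis run; for detection, match on the image path and the '/pid=' argument shape rather than on the values)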
- '%APPDATA%\Mining\coin-miner.exe' /pid=7072
- '%APPDATA%\Mining\coin-miner.exe' /pid=4484
- '%APPDATA%\Mining\coin-miner.exe' /pid=5104
- '%APPDATA%\Mining\coin-miner.exe' /pid=7192
- '%APPDATA%\Mining\coin-miner.exe' /pid=6288
- '%APPDATA%\Mining\coin-miner.exe' /pid=3092
- '%APPDATA%\Mining\coin-miner.exe' /pid=6308
- '%APPDATA%\Mining\coin-miner.exe' /pid=6372
- '%APPDATA%\Mining\coin-miner.exe' /pid=6672
- '%APPDATA%\Mining\coin-miner.exe' /pid=6472
- '%APPDATA%\Mining\coin-miner.exe' /pid=8112
- '%APPDATA%\Mining\coin-miner.exe' /pid=5408
- '%APPDATA%\Mining\coin-miner.exe' /pid=5224
- '%APPDATA%\Mining\coin-miner.exe' /pid=8108
- '%APPDATA%\Mining\coin-miner.exe' /pid=7592
- '%APPDATA%\Mining\coin-miner.exe' /pid=7684
- '%APPDATA%\Mining\coin-miner.exe' /pid=7652
- '%APPDATA%\Mining\coin-miner.exe' /pid=4512
- '%APPDATA%\Mining\coin-miner.exe' /pid=7932
- '%APPDATA%\Mining\coin-miner.exe' /pid=7108
- '%APPDATA%\Mining\coin-miner.exe' /pid=6704
- '%APPDATA%\Mining\coin-miner.exe' /pid=7572
- '%APPDATA%\Mining\coin-miner.exe' /pid=7444
- '%APPDATA%\Mining\coin-miner.exe' /pid=6908
- '%APPDATA%\Mining\coin-miner.exe' /pid=6552
- '%APPDATA%\Mining\coin-miner.exe' /pid=3200
- '%APPDATA%\Mining\coin-miner.exe' /pid=6468
- '%APPDATA%\Mining\coin-miner.exe' /pid=6632
- '%APPDATA%\Mining\coin-miner.exe' /pid=4132
- '%APPDATA%\Mining\coin-miner.exe' /pid=6448
- '%APPDATA%\Mining\coin-miner.exe' /pid=484
- '%APPDATA%\Mining\coin-miner.exe' /pid=6912
- '%APPDATA%\Mining\coin-miner.exe' /pid=5416
- '%APPDATA%\Mining\coin-miner.exe' /pid=2508
- '%APPDATA%\Mining\coin-miner.exe' /pid=1916
- '%APPDATA%\Mining\coin-miner.exe' /pid=7852
- '%APPDATA%\Mining\coin-miner.exe' /pid=7288
- '%APPDATA%\Mining\coin-miner.exe' /pid=6548
- '%APPDATA%\Mining\coin-miner.exe' /pid=6488
- '%APPDATA%\Mining\coin-miner.exe' /pid=8168
- '%APPDATA%\Mining\coin-miner.exe' /pid=5908
- '%APPDATA%\Mining\coin-miner.exe' /pid=3112
- '%APPDATA%\Mining\coin-miner.exe' /pid=7432
- '%APPDATA%\Mining\coin-miner.exe' /pid=3232
- '%APPDATA%\Mining\coin-miner.exe' /pid=724
- '%APPDATA%\Mining\coin-miner.exe' /pid=5508
- '%APPDATA%\Mining\coin-miner.exe' /pid=4824
- '%APPDATA%\Mining\coin-miner.exe' /pid=7212
- '%APPDATA%\Mining\coin-miner.exe' /pid=3412
- '%APPDATA%\Mining\coin-miner.exe' /pid=4080
- '%APPDATA%\Mining\coin-miner.exe' /pid=2912
- '%APPDATA%\Mining\coin-miner.exe' /pid=6648
- '%APPDATA%\Mining\coin-miner.exe' /pid=6368
- '%APPDATA%\Mining\coin-miner.exe' /pid=3712
- '%APPDATA%\Mining\coin-miner.exe' /pid=6608
- '%APPDATA%\Mining\coin-miner.exe' /pid=7848
- '%APPDATA%\Mining\coin-miner.exe' /pid=8132
- '%APPDATA%\Mining\coin-miner.exe' /pid=5212
- '%APPDATA%\Mining\coin-miner.exe' /pid=7792
- '%APPDATA%\Mining\coin-miner.exe' /pid=6924
- '%APPDATA%\Mining\coin-miner.exe' /pid=4584
- '%APPDATA%\Mining\coin-miner.exe' /pid=7304
- '%APPDATA%\Mining\coin-miner.exe' /pid=5468
- '%APPDATA%\Mining\coin-miner.exe' /pid=6268
- '%APPDATA%\Mining\coin-miner.exe' /pid=6588
- '%APPDATA%\Mining\coin-miner.exe' /pid=7188
- '%APPDATA%\Mining\coin-miner.exe' /pid=3700
- '%APPDATA%\Mining\coin-miner.exe' /pid=6868
- '%APPDATA%\Mining\coin-miner.exe' /pid=4212
- '%APPDATA%\Mining\coin-miner.exe' /pid=4112
- '%APPDATA%\Mining\coin-miner.exe' /pid=7168
- '%APPDATA%\Mining\coin-miner.exe' /pid=7528
- '%APPDATA%\Mining\coin-miner.exe' /pid=7524
- '%APPDATA%\Mining\coin-miner.exe' /pid=7628
- '%APPDATA%\Mining\coin-miner.exe' /pid=7384
- '%APPDATA%\Mining\coin-miner.exe' /pid=7008
- '%APPDATA%\Mining\coin-miner.exe' /pid=7264
- '%APPDATA%\Mining\coin-miner.exe' /pid=7308
- '%APPDATA%\Mining\coin-miner.exe' /pid=6348
- '%APPDATA%\Mining\coin-miner.exe' /pid=6888
- '%APPDATA%\Mining\coin-miner.exe' /pid=5796
- '%APPDATA%\Mining\coin-miner.exe' /pid=5696
- '%APPDATA%\Mining\coin-miner.exe' /pid=6508
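- '%APPDATA%\Mining\coin-miner.exe' -a sha256 -o http://Si###########ch:gw1234nf@api.polmine.pl:8347 -T 83 -l yes -t 1 (the only entry with mining arguments: the -o URL carries the account name and password in its userinfo part, followed by the host and port 8347, so the full string is visible wherever process command lines are logged)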
- '%APPDATA%\Mining\coin-miner.exe' /pid=6932
- '%APPDATA%\Mining\coin-miner.exe' /pid=6168
- '%APPDATA%\Mining\coin-miner.exe' /pid=5596
- '%APPDATA%\Mining\coin-miner.exe' /pid=4792
- '%APPDATA%\Mining\coin-miner.exe' /pid=4592
- '%APPDATA%\Mining\coin-miner.exe' /pid=4492
- '%APPDATA%\Mining\coin-miner.exe' /pid=4892
- '%APPDATA%\Mining\coin-miner.exe' /pid=5396
- '%APPDATA%\Mining\coin-miner.exe' /pid=5292
- '%APPDATA%\Mining\coin-miner.exe' /pid=6428
- '%APPDATA%\Mining\coin-miner.exe' /pid=7664
- '%APPDATA%\Mining\coin-miner.exe' /pid=6992
- '%APPDATA%\Mining\coin-miner.exe' /pid=3732
- '%APPDATA%\Mining\coin-miner.exe' /pid=3612
- '%APPDATA%\Mining\coin-miner.exe' /pid=2932
- '%APPDATA%\Mining\coin-miner.exe' /pid=5192
- '%APPDATA%\Mining\coin-miner.exe' /pid=6328
- '%APPDATA%\Mining\coin-miner.exe' /pid=6388
- '%APPDATA%\Mining\coin-miner.exe' /pid=2640
- '%APPDATA%\Mining\coin-miner.exe' /pid=5968
- '%APPDATA%\Mining\coin-miner.exe' /pid=6076
- '%APPDATA%\Mining\coin-miner.exe' /pid=6804
- '%APPDATA%\Mining\coin-miner.exe' /pid=5888
- '%APPDATA%\Mining\coin-miner.exe' /pid=3060
- '%APPDATA%\Mining\coin-miner.exe' /pid=4604
- '%APPDATA%\Mining\coin-miner.exe' /pid=4904
- '%APPDATA%\Mining\coin-miner.exe' /pid=4692
- '%APPDATA%\Mining\coin-miner.exe' /pid=8028
- '%APPDATA%\Mining\coin-miner.exe' /pid=8044
- '%APPDATA%\Mining\coin-miner.exe' /pid=8188
- '%APPDATA%\Mining\coin-miner.exe' /pid=7924
- '%APPDATA%\Mining\coin-miner.exe' /pid=7708
- '%APPDATA%\Mining\coin-miner.exe' /pid=7784
- '%APPDATA%\Mining\coin-miner.exe' /pid=7928
- '%APPDATA%\Mining\coin-miner.exe' /pid=8184
- '%APPDATA%\Mining\coin-miner.exe' /pid=6568
- '%APPDATA%\Mining\coin-miner.exe' /pid=6528
- '%APPDATA%\Mining\coin-miner.exe' /pid=6408
- '%APPDATA%\Mining\coin-miner.exe' /pid=6096
- '%APPDATA%\Mining\coin-miner.exe' /pid=6252
- '%APPDATA%\Mining\coin-miner.exe' /pid=6188
- '%APPDATA%\Mining\coin-miner.exe' /pid=6752
- '%APPDATA%\Mining\coin-miner.exe' (downloaded from the Internet)
- %APPDATA%\Mining\coin-miner.exe
- The sample's own file is relocated from <Full path to virus> to %APPDATA%\Mining\Kitserver.exe (the same path that the Run value 'Startup' points to)
- '19#.#3.167.160':80
- 'wp#d':80
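- 19#.#3.167.160/sil1001/UFA.exe (an executable requested from the same masked address as the port-80 connection listed above; presumably the origin of the coin-miner.exe marked as downloaded from the Internet, though the listing does not say so)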
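- wp#d/wpad.dat (a request for wpad.dat is what Windows proxy auto-discovery issues on its own; it is likely background traffic from the analysis machine rather than a sample-specific indicator, so confirm before using it as one)
- DNS query (ASK) for wp#d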
- ClassName: 'Indicator' WindowName: '(null)'