Technical Information
- Autorun persistence through the per-user Run key: [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Startup' = '%APPDATA%\Mining\Mining.exe'
- '%APPDATA%\Mining\coin-miner.exe' /pid=6336
- '%APPDATA%\Mining\coin-miner.exe' /pid=6536
- '%APPDATA%\Mining\coin-miner.exe' /pid=6616
- '%APPDATA%\Mining\coin-miner.exe' /pid=8184
- '%APPDATA%\Mining\coin-miner.exe' /pid=6156
- '%APPDATA%\Mining\coin-miner.exe' /pid=6272
- '%APPDATA%\Mining\coin-miner.exe' /pid=6736
- '%APPDATA%\Mining\coin-miner.exe' /pid=7192
- '%APPDATA%\Mining\coin-miner.exe' /pid=7376
- '%APPDATA%\Mining\coin-miner.exe' /pid=7436
- '%APPDATA%\Mining\coin-miner.exe' /pid=6816
- '%APPDATA%\Mining\coin-miner.exe' /pid=6932
- '%APPDATA%\Mining\coin-miner.exe' /pid=7056
- '%APPDATA%\Mining\coin-miner.exe' /pid=4900
- '%APPDATA%\Mining\coin-miner.exe' /pid=5752
- '%APPDATA%\Mining\coin-miner.exe' /pid=5664
- '%APPDATA%\Mining\coin-miner.exe' /pid=5852
- '%APPDATA%\Mining\coin-miner.exe' /pid=5832
- '%APPDATA%\Mining\coin-miner.exe' /pid=4440
- '%APPDATA%\Mining\coin-miner.exe' /pid=2620
- '%APPDATA%\Mining\coin-miner.exe' /pid=3812
- '%APPDATA%\Mining\coin-miner.exe' /pid=5864
- '%APPDATA%\Mining\coin-miner.exe' /pid=112
- '%APPDATA%\Mining\coin-miner.exe' /pid=4500
- '%APPDATA%\Mining\coin-miner.exe' /pid=1616
- '%APPDATA%\Mining\coin-miner.exe' /pid=4540
- '%APPDATA%\Mining\coin-miner.exe' /pid=5912
- '%APPDATA%\Mining\coin-miner.exe' /pid=720
- '%APPDATA%\Mining\coin-miner.exe' /pid=7548
- '%APPDATA%\Mining\coin-miner.exe' /pid=7252
- '%APPDATA%\Mining\coin-miner.exe' /pid=7040
- '%APPDATA%\Mining\coin-miner.exe' /pid=6972
- '%APPDATA%\Mining\coin-miner.exe' /pid=7076
- '%APPDATA%\Mining\coin-miner.exe' /pid=7660
- '%APPDATA%\Mining\coin-miner.exe' /pid=6376
- '%APPDATA%\Mining\coin-miner.exe' /pid=6172
- '%APPDATA%\Mining\coin-miner.exe' /pid=7140
- '%APPDATA%\Mining\coin-miner.exe' /pid=7900
- '%APPDATA%\Mining\coin-miner.exe' /pid=8080
- '%APPDATA%\Mining\coin-miner.exe' /pid=6800
- '%APPDATA%\Mining\coin-miner.exe' /pid=6832
- '%APPDATA%\Mining\coin-miner.exe' /pid=7980
- '%APPDATA%\Mining\coin-miner.exe' /pid=8044
- '%APPDATA%\Mining\coin-miner.exe' /pid=5704
- '%APPDATA%\Mining\coin-miner.exe' /pid=7664
- '%APPDATA%\Mining\coin-miner.exe' /pid=7764
- '%APPDATA%\Mining\coin-miner.exe' /pid=7904
- '%APPDATA%\Mining\coin-miner.exe' /pid=8164
- '%APPDATA%\Mining\coin-miner.exe' /pid=6780
- '%APPDATA%\Mining\coin-miner.exe' /pid=6820
- '%APPDATA%\Mining\coin-miner.exe' /pid=6760
- '%APPDATA%\Mining\coin-miner.exe' /pid=8180
- '%APPDATA%\Mining\coin-miner.exe' /pid=6240
- '%APPDATA%\Mining\coin-miner.exe' /pid=6300
- '%APPDATA%\Mining\coin-miner.exe' /pid=5068
- '%APPDATA%\Mining\coin-miner.exe' /pid=5732
- '%APPDATA%\Mining\coin-miner.exe' /pid=5532
- '%APPDATA%\Mining\coin-miner.exe' /pid=4032
- '%APPDATA%\Mining\coin-miner.exe' /pid=4420
- '%APPDATA%\Mining\coin-miner.exe' /pid=3740
- '%APPDATA%\Mining\coin-miner.exe' /pid=5000
- '%APPDATA%\Mining\coin-miner.exe' /pid=3752
- '%APPDATA%\Mining\coin-miner.exe' /pid=3332
- '%APPDATA%\Mining\coin-miner.exe' /pid=4320
- '%APPDATA%\Mining\coin-miner.exe' /pid=4208
- '%APPDATA%\Mining\coin-miner.exe' /pid=5304
- '%APPDATA%\Mining\coin-miner.exe' /pid=3252
- '%APPDATA%\Mining\coin-miner.exe' /pid=2856
- '%APPDATA%\Mining\coin-miner.exe' /pid=4788
- '%APPDATA%\Mining\coin-miner.exe' /pid=4188
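- '%APPDATA%\Mining\coin-miner.exe' -a sha256 -o http://ka##############ebest2:0745a97e@eu.triplemining.com:3334 -T 90 -l yes (miner command line; the -o URL names the pool host eu.triplemining.com on port 3334 and carries a user:password pair before the '@'; the '#' characters appear as published, apparently masking part of the account name)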
- '%APPDATA%\Mining\coin-miner.exe' /pid=5124
- '%APPDATA%\Mining\coin-miner.exe' /pid=5112
- '%APPDATA%\Mining\coin-miner.exe' /pid=1100
- '%APPDATA%\Mining\coin-miner.exe' /pid=2928
- '%APPDATA%\Mining\coin-miner.exe' /pid=1620
- '%APPDATA%\Mining\coin-miner.exe' /pid=4620
- '%APPDATA%\Mining\coin-miner.exe' /pid=1140
- '%APPDATA%\Mining\coin-miner.exe' /pid=3132
- '%APPDATA%\Mining\coin-miner.exe' /pid=3032
- '%APPDATA%\Mining\coin-miner.exe' /pid=2720
- '%APPDATA%\Mining\coin-miner.exe' /pid=4288
- '%APPDATA%\Mining\coin-miner.exe' /pid=5452
- '%APPDATA%\Mining\coin-miner.exe' /pid=6004
- '%APPDATA%\Mining\coin-miner.exe' /pid=5192
- '%APPDATA%\Mining\coin-miner.exe' /pid=5204
- '%APPDATA%\Mining\coin-miner.exe' /pid=2560
- '%APPDATA%\Mining\coin-miner.exe' /pid=5904
- '%APPDATA%\Mining\coin-miner.exe' /pid=3940
- '%APPDATA%\Mining\coin-miner.exe' /pid=5104
- '%APPDATA%\Mining\coin-miner.exe' /pid=5292
- '%APPDATA%\Mining\coin-miner.exe' /pid=5504
- '%APPDATA%\Mining\coin-miner.exe' /pid=6084
- '%APPDATA%\Mining\coin-miner.exe' /pid=5332
- '%APPDATA%\Mining\coin-miner.exe' /pid=3832
- '%APPDATA%\Mining\coin-miner.exe' /pid=5684
- '%APPDATA%\Mining\coin-miner.exe' /pid=5764
- '%APPDATA%\Mining\coin-miner.exe' /pid=4120
- '%APPDATA%\Mining\coin-miner.exe' /pid=5604
- '%APPDATA%\Mining\coin-miner.exe' /pid=3932
- '%APPDATA%\Mining\coin-miner.exe' /pid=5152
- '%APPDATA%\Mining\coin-miner.exe' /pid=3160
- '%APPDATA%\Mining\coin-miner.exe' /pid=5432
- '%APPDATA%\Mining\coin-miner.exe' /pid=3852
- '%APPDATA%\Mining\coin-miner.exe' /pid=4600
- '%APPDATA%\Mining\coin-miner.exe' /pid=3612
- '%APPDATA%\Mining\coin-miner.exe' /pid=6032
- '%APPDATA%\Mining\coin-miner.exe' (downloaded from the Internet)
- %APPDATA%\Mining\coin-miner.exe
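- The sample's own file is moved or copied (the listing does not say which) from <Full path to virus> to %APPDATA%\Mining\Mining.exe, the same path the Run value 'Startup' points to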
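- Network endpoint: '19#.#3.167.160':80
- Network endpoint: 'wp#d':80
- Requested URL (an executable): 19#.#3.167.160/sil1001/UFA.exe
- Requested URL: wp#d/wpad.dat (a wpad.dat fetch is the usual form of Windows proxy auto-discovery, so this entry and the matching DNS query may be host background traffic rather than sample-specific)
- DNS query (ASK) for wp#d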
- ClassName: 'Indicator' WindowName: '(null)'