Technical Information
- Autorun persistence (value is launched at user logon): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Startup' = '%APPDATA%\Mining\Mining.exe'
- '%APPDATA%\Mining\coin-miner.exe' /pid=6928
- '%APPDATA%\Mining\coin-miner.exe' /pid=5388
- '%APPDATA%\Mining\coin-miner.exe' /pid=4136
- '%APPDATA%\Mining\coin-miner.exe' /pid=4068
- '%APPDATA%\Mining\coin-miner.exe' /pid=7128
- '%APPDATA%\Mining\coin-miner.exe' /pid=4588
- '%APPDATA%\Mining\coin-miner.exe' /pid=6296
- '%APPDATA%\Mining\coin-miner.exe' /pid=4976
- '%APPDATA%\Mining\coin-miner.exe' /pid=7260
- '%APPDATA%\Mining\coin-miner.exe' /pid=7920
- '%APPDATA%\Mining\coin-miner.exe' /pid=7420
- '%APPDATA%\Mining\coin-miner.exe' /pid=6760
- '%APPDATA%\Mining\coin-miner.exe' /pid=2776
- '%APPDATA%\Mining\coin-miner.exe' /pid=6960
- '%APPDATA%\Mining\coin-miner.exe' /pid=6276
- '%APPDATA%\Mining\coin-miner.exe' /pid=7640
- '%APPDATA%\Mining\coin-miner.exe' /pid=7768
- '%APPDATA%\Mining\coin-miner.exe' /pid=8108
- '%APPDATA%\Mining\coin-miner.exe' /pid=7400
- '%APPDATA%\Mining\coin-miner.exe' /pid=7188
- '%APPDATA%\Mining\coin-miner.exe' /pid=6840
- '%APPDATA%\Mining\coin-miner.exe' /pid=7520
- '%APPDATA%\Mining\coin-miner.exe' /pid=7700
- '%APPDATA%\Mining\coin-miner.exe' /pid=6264
- '%APPDATA%\Mining\coin-miner.exe' /pid=6604
- '%APPDATA%\Mining\coin-miner.exe' /pid=6584
- '%APPDATA%\Mining\coin-miner.exe' /pid=6488
- '%APPDATA%\Mining\coin-miner.exe' /pid=7820
- '%APPDATA%\Mining\coin-miner.exe' /pid=8060
- '%APPDATA%\Mining\coin-miner.exe' /pid=8180
- '%APPDATA%\Mining\coin-miner.exe' /pid=7908
- '%APPDATA%\Mining\coin-miner.exe' /pid=6688
- '%APPDATA%\Mining\coin-miner.exe' /pid=5296
- '%APPDATA%\Mining\coin-miner.exe' /pid=4988
- '%APPDATA%\Mining\coin-miner.exe' /pid=7240
- '%APPDATA%\Mining\coin-miner.exe' /pid=5668
- '%APPDATA%\Mining\coin-miner.exe' /pid=7868
- '%APPDATA%\Mining\coin-miner.exe' /pid=7600
- '%APPDATA%\Mining\coin-miner.exe' /pid=4888
- '%APPDATA%\Mining\coin-miner.exe' /pid=7500
- '%APPDATA%\Mining\coin-miner.exe' /pid=7760
- '%APPDATA%\Mining\coin-miner.exe' /pid=5396
- '%APPDATA%\Mining\coin-miner.exe' /pid=3644
- '%APPDATA%\Mining\coin-miner.exe' /pid=3552
- '%APPDATA%\Mining\coin-miner.exe' /pid=4388
- '%APPDATA%\Mining\coin-miner.exe' /pid=8084
- '%APPDATA%\Mining\coin-miner.exe' /pid=6364
- '%APPDATA%\Mining\coin-miner.exe' /pid=5516
- '%APPDATA%\Mining\coin-miner.exe' /pid=6788
- '%APPDATA%\Mining\coin-miner.exe' /pid=7980
- '%APPDATA%\Mining\coin-miner.exe' /pid=7924
- '%APPDATA%\Mining\coin-miner.exe' /pid=6368
- '%APPDATA%\Mining\coin-miner.exe' /pid=3392
- '%APPDATA%\Mining\coin-miner.exe' /pid=6404
- '%APPDATA%\Mining\coin-miner.exe' /pid=4968
- '%APPDATA%\Mining\coin-miner.exe' /pid=6020
- '%APPDATA%\Mining\coin-miner.exe' /pid=7628
- '%APPDATA%\Mining\coin-miner.exe' /pid=4036
- '%APPDATA%\Mining\coin-miner.exe' /pid=7068
- '%APPDATA%\Mining\coin-miner.exe' /pid=7048
- '%APPDATA%\Mining\coin-miner.exe' /pid=4488
- '%APPDATA%\Mining\coin-miner.exe' /pid=7064
- '%APPDATA%\Mining\coin-miner.exe' /pid=6684
- '%APPDATA%\Mining\coin-miner.exe' /pid=7140
- '%APPDATA%\Mining\coin-miner.exe' /pid=6984
- '%APPDATA%\Mining\coin-miner.exe' /pid=5496
- '%APPDATA%\Mining\coin-miner.exe' /pid=6884
- '%APPDATA%\Mining\coin-miner.exe' /pid=7004
- '%APPDATA%\Mining\coin-miner.exe' /pid=7324
- '%APPDATA%\Mining\coin-miner.exe' /pid=7720
- '%APPDATA%\Mining\coin-miner.exe' /pid=7804
- '%APPDATA%\Mining\coin-miner.exe' /pid=8064
- '%APPDATA%\Mining\coin-miner.exe' /pid=7584
- '%APPDATA%\Mining\coin-miner.exe' /pid=7204
- '%APPDATA%\Mining\coin-miner.exe' /pid=7504
- '%APPDATA%\Mining\coin-miner.exe' /pid=7624
- '%APPDATA%\Mining\coin-miner.exe' /pid=4256
- '%APPDATA%\Mining\coin-miner.exe' /pid=4156
- '%APPDATA%\Mining\coin-miner.exe' /pid=3892
- '%APPDATA%\Mining\coin-miner.exe' /pid=6564
- Miner started against a mining pool (account name partly masked in this report): '%APPDATA%\Mining\coin-miner.exe' -a sha256 -o http://xb###.#######@gmail.com_Workers1:worker1@http://pool.50btc.com:8332 -T 83 -l yes
- '%APPDATA%\Mining\coin-miner.exe' /pid=1580
- '%APPDATA%\Mining\coin-miner.exe' /pid=6180
- '%APPDATA%\Mining\coin-miner.exe' /pid=2900
- '%APPDATA%\Mining\coin-miner.exe' /pid=5776
- '%APPDATA%\Mining\coin-miner.exe' /pid=5596
- '%APPDATA%\Mining\coin-miner.exe' /pid=6464
- '%APPDATA%\Mining\coin-miner.exe' /pid=6344
- '%APPDATA%\Mining\coin-miner.exe' /pid=2768
- '%APPDATA%\Mining\coin-miner.exe' /pid=6040
- '%APPDATA%\Mining\coin-miner.exe' /pid=6484
- '%APPDATA%\Mining\coin-miner.exe' /pid=3764
- '%APPDATA%\Mining\coin-miner.exe' /pid=3164
- '%APPDATA%\Mining\coin-miner.exe' /pid=3452
- '%APPDATA%\Mining\coin-miner.exe' /pid=2964
- '%APPDATA%\Mining\coin-miner.exe' /pid=6324
- '%APPDATA%\Mining\coin-miner.exe' /pid=5696
- '%APPDATA%\Mining\coin-miner.exe' /pid=7148
- '%APPDATA%\Mining\coin-miner.exe' /pid=4168
- '%APPDATA%\Mining\coin-miner.exe' /pid=6580
- '%APPDATA%\Mining\coin-miner.exe' /pid=7084
- '%APPDATA%\Mining\coin-miner.exe' /pid=6904
- '%APPDATA%\Mining\coin-miner.exe' /pid=6480
- '%APPDATA%\Mining\coin-miner.exe' /pid=4568
- '%APPDATA%\Mining\coin-miner.exe' /pid=4768
- '%APPDATA%\Mining\coin-miner.exe' /pid=5568
- '%APPDATA%\Mining\coin-miner.exe' /pid=5860
- '%APPDATA%\Mining\coin-miner.exe' /pid=6184
- '%APPDATA%\Mining\coin-miner.exe' /pid=4736
- '%APPDATA%\Mining\coin-miner.exe' /pid=6508
- '%APPDATA%\Mining\coin-miner.exe' /pid=7964
- '%APPDATA%\Mining\coin-miner.exe' /pid=8080
- '%APPDATA%\Mining\coin-miner.exe' /pid=5960
- '%APPDATA%\Mining\coin-miner.exe' /pid=4556
- '%APPDATA%\Mining\coin-miner.exe' /pid=2992
- '%APPDATA%\Mining\coin-miner.exe' /pid=5940
- '%APPDATA%\Mining\coin-miner.exe' /pid=920
- '%APPDATA%\Mining\coin-miner.exe' /pid=6200
- '%APPDATA%\Mining\coin-miner.exe' /pid=6260
- '%APPDATA%\Mining\coin-miner.exe' /pid=6240
- '%APPDATA%\Mining\coin-miner.exe' /pid=6220
- '%APPDATA%\Mining\coin-miner.exe' (downloaded from the Internet)
- %APPDATA%\Mining\coin-miner.exe
- Sample's own file: from <Full path to virus> to %APPDATA%\Mining\Mining.exe (the path the Run value 'Startup' points to)
- Connects to: '19#.#3.167.160':80
- Connects to: 'wp#d':80
- HTTP request: 19#.#3.167.160/sil1002/UFA.exe
- HTTP request: wp#d/wpad.dat
- DNS query (ASK): wp#d
- ClassName: 'Indicator' WindowName: '(null)'