Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Startup' = '%APPDATA%\Mining\Mining.exe' (autorun value in the per-user Run key: Mining.exe is started at each logon of that user)
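- '%APPDATA%\Mining\coin-miner.exe' /pid=4340 (process launch; the /pid number differs on every invocation listed here, so match on the image path and the presence of a /pid= argument rather than on the number)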
- '%APPDATA%\Mining\coin-miner.exe' /pid=6184
- '%APPDATA%\Mining\coin-miner.exe' /pid=6564
- '%APPDATA%\Mining\coin-miner.exe' /pid=4740
- '%APPDATA%\Mining\coin-miner.exe' /pid=6148
- '%APPDATA%\Mining\coin-miner.exe' /pid=6168
- '%APPDATA%\Mining\coin-miner.exe' /pid=6328
- '%APPDATA%\Mining\coin-miner.exe' /pid=3712
- '%APPDATA%\Mining\coin-miner.exe' /pid=4852
- '%APPDATA%\Mining\coin-miner.exe' /pid=4652
- '%APPDATA%\Mining\coin-miner.exe' /pid=3180
- '%APPDATA%\Mining\coin-miner.exe' /pid=6284
- '%APPDATA%\Mining\coin-miner.exe' /pid=6244
- '%APPDATA%\Mining\coin-miner.exe' /pid=1548
- '%APPDATA%\Mining\coin-miner.exe' /pid=7864
- '%APPDATA%\Mining\coin-miner.exe' /pid=7048
- '%APPDATA%\Mining\coin-miner.exe' /pid=6680
- '%APPDATA%\Mining\coin-miner.exe' /pid=6760
- '%APPDATA%\Mining\coin-miner.exe' /pid=6744
- '%APPDATA%\Mining\coin-miner.exe' /pid=5184
- '%APPDATA%\Mining\coin-miner.exe' /pid=756
- '%APPDATA%\Mining\coin-miner.exe' /pid=6420
- '%APPDATA%\Mining\coin-miner.exe' /pid=7500
- '%APPDATA%\Mining\coin-miner.exe' /pid=7820
- '%APPDATA%\Mining\coin-miner.exe' /pid=7680
- '%APPDATA%\Mining\coin-miner.exe' /pid=7320
- '%APPDATA%\Mining\coin-miner.exe' /pid=7000
- '%APPDATA%\Mining\coin-miner.exe' /pid=7428
- '%APPDATA%\Mining\coin-miner.exe' /pid=7340
- '%APPDATA%\Mining\coin-miner.exe' /pid=2440
- '%APPDATA%\Mining\coin-miner.exe' /pid=5836
- '%APPDATA%\Mining\coin-miner.exe' /pid=2304
- '%APPDATA%\Mining\coin-miner.exe' /pid=6504
- '%APPDATA%\Mining\coin-miner.exe' /pid=7944
- '%APPDATA%\Mining\coin-miner.exe' /pid=728
- '%APPDATA%\Mining\coin-miner.exe' /pid=6204
- '%APPDATA%\Mining\coin-miner.exe' /pid=7324
- '%APPDATA%\Mining\coin-miner.exe' /pid=7788
- '%APPDATA%\Mining\coin-miner.exe' /pid=3152
- '%APPDATA%\Mining\coin-miner.exe' /pid=7480
- '%APPDATA%\Mining\coin-miner.exe' /pid=3280
- '%APPDATA%\Mining\coin-miner.exe' /pid=4420
- '%APPDATA%\Mining\coin-miner.exe' /pid=5716
- '%APPDATA%\Mining\coin-miner.exe' /pid=8124
- '%APPDATA%\Mining\coin-miner.exe' /pid=6704
- '%APPDATA%\Mining\coin-miner.exe' /pid=4700
- '%APPDATA%\Mining\coin-miner.exe' /pid=7104
- '%APPDATA%\Mining\coin-miner.exe' /pid=4800
- '%APPDATA%\Mining\coin-miner.exe' /pid=5036
- '%APPDATA%\Mining\coin-miner.exe' /pid=5416
- '%APPDATA%\Mining\coin-miner.exe' /pid=6360
- '%APPDATA%\Mining\coin-miner.exe' /pid=7468
- '%APPDATA%\Mining\coin-miner.exe' /pid=8188
- '%APPDATA%\Mining\coin-miner.exe' /pid=5904
- '%APPDATA%\Mining\coin-miner.exe' /pid=7700
- '%APPDATA%\Mining\coin-miner.exe' /pid=7424
- '%APPDATA%\Mining\coin-miner.exe' /pid=7568
- '%APPDATA%\Mining\coin-miner.exe' /pid=7744
- '%APPDATA%\Mining\coin-miner.exe' /pid=6036
- '%APPDATA%\Mining\coin-miner.exe' /pid=6880
- '%APPDATA%\Mining\coin-miner.exe' /pid=6944
- '%APPDATA%\Mining\coin-miner.exe' /pid=7020
- '%APPDATA%\Mining\coin-miner.exe' /pid=6644
- '%APPDATA%\Mining\coin-miner.exe' /pid=5104
- '%APPDATA%\Mining\coin-miner.exe' /pid=6824
- '%APPDATA%\Mining\coin-miner.exe' /pid=6804
- '%APPDATA%\Mining\coin-miner.exe' /pid=7524
- '%APPDATA%\Mining\coin-miner.exe' /pid=7584
- '%APPDATA%\Mining\coin-miner.exe' /pid=7660
- '%APPDATA%\Mining\coin-miner.exe' /pid=7384
- '%APPDATA%\Mining\coin-miner.exe' /pid=7144
- '%APPDATA%\Mining\coin-miner.exe' /pid=7184
- '%APPDATA%\Mining\coin-miner.exe' /pid=7280
- '%APPDATA%\Mining\coin-miner.exe' /pid=3420
- '%APPDATA%\Mining\coin-miner.exe' /pid=6524
- '%APPDATA%\Mining\coin-miner.exe' /pid=3800
- '%APPDATA%\Mining\coin-miner.exe' /pid=4640
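- '%APPDATA%\Mining\coin-miner.exe' -a sha256 -o http://Fi#########.##wWorker:123@mining.bitcoin.cz:8332 -T 83 -l yes (miner invocation: the -o argument is an HTTP URL with embedded worker credentials for mining.bitcoin.cz on port 8332; the # characters are masking in the report)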
- '%APPDATA%\Mining\coin-miner.exe' /pid=6224
- '%APPDATA%\Mining\coin-miner.exe' /pid=4720
- '%APPDATA%\Mining\coin-miner.exe' /pid=5604
- '%APPDATA%\Mining\coin-miner.exe' /pid=5404
- '%APPDATA%\Mining\coin-miner.exe' /pid=6264
- '%APPDATA%\Mining\coin-miner.exe' /pid=6304
- '%APPDATA%\Mining\coin-miner.exe' /pid=3320
- '%APPDATA%\Mining\coin-miner.exe' /pid=2904
- '%APPDATA%\Mining\coin-miner.exe' /pid=5964
- '%APPDATA%\Mining\coin-miner.exe' /pid=7704
- '%APPDATA%\Mining\coin-miner.exe' /pid=3252
- '%APPDATA%\Mining\coin-miner.exe' /pid=3132
- '%APPDATA%\Mining\coin-miner.exe' /pid=3112
- '%APPDATA%\Mining\coin-miner.exe' /pid=5504
- '%APPDATA%\Mining\coin-miner.exe' /pid=5884
- '%APPDATA%\Mining\coin-miner.exe' /pid=5784
- '%APPDATA%\Mining\coin-miner.exe' /pid=5704
- '%APPDATA%\Mining\coin-miner.exe' /pid=4512
- '%APPDATA%\Mining\coin-miner.exe' /pid=5136
- '%APPDATA%\Mining\coin-miner.exe' /pid=5816
- '%APPDATA%\Mining\coin-miner.exe' /pid=4132
- '%APPDATA%\Mining\coin-miner.exe' /pid=3432
- '%APPDATA%\Mining\coin-miner.exe' /pid=2624
- '%APPDATA%\Mining\coin-miner.exe' /pid=2860
- '%APPDATA%\Mining\coin-miner.exe' /pid=6548
- '%APPDATA%\Mining\coin-miner.exe' /pid=6308
- '%APPDATA%\Mining\coin-miner.exe' /pid=6428
- '%APPDATA%\Mining\coin-miner.exe' /pid=5324
- '%APPDATA%\Mining\coin-miner.exe' /pid=7800
- '%APPDATA%\Mining\coin-miner.exe' /pid=7900
- '%APPDATA%\Mining\coin-miner.exe' /pid=8100
- '%APPDATA%\Mining\coin-miner.exe' /pid=4240
- '%APPDATA%\Mining\coin-miner.exe' /pid=6544
- '%APPDATA%\Mining\coin-miner.exe' /pid=6064
- '%APPDATA%\Mining\coin-miner.exe' /pid=6324
- '%APPDATA%\Mining\coin-miner.exe' /pid=6408
- '%APPDATA%\Mining\coin-miner.exe' /pid=2504
- '%APPDATA%\Mining\coin-miner.exe' /pid=2820
- '%APPDATA%\Mining\coin-miner.exe' (downloaded from the Internet)
- %APPDATA%\Mining\coin-miner.exe
- from <Full path to virus> to %APPDATA%\Mining\Mining.exe (the sample's own file is placed at the path that the Run value points to)
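- '19#.#3.167.160':80 (connection to port 80; the # characters appear to mask part of the address as published, so it cannot be used as an exact-match indicator)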
- 'wp#d':80
- 19#.#3.167.160/sil1001/UFA.exe
- wp#d/wpad.dat
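- DNS ASK wp#d (DNS query; together with the wpad.dat request above, this looks like Windows proxy auto-discovery and may come from the analysis system rather than from the sample)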
- ClassName: 'Indicator' WindowName: '(null)'