Technical Information
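- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Startup' = '%APPDATA%\Mining\Mining.exe' (autorun value: starts Mining.exe at every logon of the current user; writing under HKCU needs no administrator rights)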
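- '%APPDATA%\Mining\coin-miner.exe' /pid=8144 (first of many launches of the same binary; apart from the one that carries the mining options, they differ only in the /pid= value, whose meaning this report does not state)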
- '%APPDATA%\Mining\coin-miner.exe' /pid=8020
- '%APPDATA%\Mining\coin-miner.exe' /pid=6248
- '%APPDATA%\Mining\coin-miner.exe' /pid=8188
- '%APPDATA%\Mining\coin-miner.exe' /pid=7864
- '%APPDATA%\Mining\coin-miner.exe' /pid=7680
- '%APPDATA%\Mining\coin-miner.exe' /pid=7964
- '%APPDATA%\Mining\coin-miner.exe' /pid=7900
- '%APPDATA%\Mining\coin-miner.exe' /pid=6888
- '%APPDATA%\Mining\coin-miner.exe' /pid=6404
- '%APPDATA%\Mining\coin-miner.exe' /pid=6860
- '%APPDATA%\Mining\coin-miner.exe' /pid=6668
- '%APPDATA%\Mining\coin-miner.exe' /pid=6380
- '%APPDATA%\Mining\coin-miner.exe' /pid=6008
- '%APPDATA%\Mining\coin-miner.exe' /pid=6260
- '%APPDATA%\Mining\coin-miner.exe' /pid=6308
- '%APPDATA%\Mining\coin-miner.exe' /pid=7604
- '%APPDATA%\Mining\coin-miner.exe' /pid=6484
- '%APPDATA%\Mining\coin-miner.exe' /pid=6244
- '%APPDATA%\Mining\coin-miner.exe' /pid=6644
- '%APPDATA%\Mining\coin-miner.exe' /pid=6744
- '%APPDATA%\Mining\coin-miner.exe' /pid=6188
- '%APPDATA%\Mining\coin-miner.exe' /pid=5308
- '%APPDATA%\Mining\coin-miner.exe' /pid=6284
- '%APPDATA%\Mining\coin-miner.exe' /pid=6164
- '%APPDATA%\Mining\coin-miner.exe' /pid=7264
- '%APPDATA%\Mining\coin-miner.exe' /pid=7284
- '%APPDATA%\Mining\coin-miner.exe' /pid=7464
- '%APPDATA%\Mining\coin-miner.exe' /pid=7320
- '%APPDATA%\Mining\coin-miner.exe' /pid=6784
- '%APPDATA%\Mining\coin-miner.exe' /pid=6944
- '%APPDATA%\Mining\coin-miner.exe' /pid=7024
- '%APPDATA%\Mining\coin-miner.exe' /pid=6940
- '%APPDATA%\Mining\coin-miner.exe' /pid=7800
- '%APPDATA%\Mining\coin-miner.exe' /pid=7440
- '%APPDATA%\Mining\coin-miner.exe' /pid=6808
- '%APPDATA%\Mining\coin-miner.exe' /pid=8080
- '%APPDATA%\Mining\coin-miner.exe' /pid=6564
- '%APPDATA%\Mining\coin-miner.exe' /pid=7224
- '%APPDATA%\Mining\coin-miner.exe' /pid=7600
- '%APPDATA%\Mining\coin-miner.exe' /pid=6824
- '%APPDATA%\Mining\coin-miner.exe' /pid=2476
- '%APPDATA%\Mining\coin-miner.exe' /pid=7044
- '%APPDATA%\Mining\coin-miner.exe' /pid=7380
- '%APPDATA%\Mining\coin-miner.exe' /pid=6724
- '%APPDATA%\Mining\coin-miner.exe' /pid=6500
- '%APPDATA%\Mining\coin-miner.exe' /pid=8148
- '%APPDATA%\Mining\coin-miner.exe' /pid=7484
- '%APPDATA%\Mining\coin-miner.exe' /pid=7008
- '%APPDATA%\Mining\coin-miner.exe' /pid=6960
- '%APPDATA%\Mining\coin-miner.exe' /pid=7444
- '%APPDATA%\Mining\coin-miner.exe' /pid=7480
- '%APPDATA%\Mining\coin-miner.exe' /pid=7764
- '%APPDATA%\Mining\coin-miner.exe' /pid=7820
- '%APPDATA%\Mining\coin-miner.exe' /pid=7100
- '%APPDATA%\Mining\coin-miner.exe' /pid=6924
- '%APPDATA%\Mining\coin-miner.exe' /pid=7388
- '%APPDATA%\Mining\coin-miner.exe' /pid=7240
- '%APPDATA%\Mining\coin-miner.exe' /pid=6348
- '%APPDATA%\Mining\coin-miner.exe' /pid=728
- '%APPDATA%\Mining\coin-miner.exe' /pid=6448
- '%APPDATA%\Mining\coin-miner.exe' /pid=6180
- '%APPDATA%\Mining\coin-miner.exe' /pid=8088
- '%APPDATA%\Mining\coin-miner.exe' /pid=8040
- '%APPDATA%\Mining\coin-miner.exe' /pid=8104
- '%APPDATA%\Mining\coin-miner.exe' /pid=8128
- '%APPDATA%\Mining\coin-miner.exe' /pid=5608
- '%APPDATA%\Mining\coin-miner.exe' /pid=4060
- '%APPDATA%\Mining\coin-miner.exe' /pid=4708
- '%APPDATA%\Mining\coin-miner.exe' /pid=3400
- '%APPDATA%\Mining\coin-miner.exe' /pid=5180
- '%APPDATA%\Mining\coin-miner.exe' /pid=6140
- '%APPDATA%\Mining\coin-miner.exe' /pid=5260
- '%APPDATA%\Mining\coin-miner.exe' /pid=5160
- '%APPDATA%\Mining\coin-miner.exe' /pid=2988
- '%APPDATA%\Mining\coin-miner.exe' /pid=3660
- '%APPDATA%\Mining\coin-miner.exe' /pid=5436
- '%APPDATA%\Mining\coin-miner.exe' /pid=4760
- '%APPDATA%\Mining\coin-miner.exe' /pid=6088
- '%APPDATA%\Mining\coin-miner.exe' /pid=5768
- '%APPDATA%\Mining\coin-miner.exe' /pid=3580
- '%APPDATA%\Mining\coin-miner.exe' /pid=5888
- '%APPDATA%\Mining\coin-miner.exe' /pid=3428
- '%APPDATA%\Mining\coin-miner.exe' /pid=4148
- '%APPDATA%\Mining\coin-miner.exe' /pid=2980
- '%APPDATA%\Mining\coin-miner.exe' /pid=4828
- '%APPDATA%\Mining\coin-miner.exe' /pid=5028
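- '%APPDATA%\Mining\coin-miner.exe' -a sha256 -o http://1B##################rcdje812bWtVpU:59jkdbl@getwork.mining.eligius.st:8337 -T 83 -l yes -t 1 (mining launch: the -o URL carries the pool credentials as user:password ahead of the host getwork.mining.eligius.st, port 8337, over plain HTTP; the '#' characters appear to be masking applied by the report, not part of the value)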
- '%APPDATA%\Mining\coin-miner.exe' /pid=4428
- '%APPDATA%\Mining\coin-miner.exe' /pid=4848
- '%APPDATA%\Mining\coin-miner.exe' /pid=5020
- '%APPDATA%\Mining\coin-miner.exe' /pid=4820
- '%APPDATA%\Mining\coin-miner.exe' /pid=5816
- '%APPDATA%\Mining\coin-miner.exe' /pid=5616
- '%APPDATA%\Mining\coin-miner.exe' /pid=2668
- '%APPDATA%\Mining\coin-miner.exe' /pid=3560
- '%APPDATA%\Mining\coin-miner.exe' /pid=4140
- '%APPDATA%\Mining\coin-miner.exe' /pid=2796
- '%APPDATA%\Mining\coin-miner.exe' /pid=3880
- '%APPDATA%\Mining\coin-miner.exe' /pid=3900
- '%APPDATA%\Mining\coin-miner.exe' /pid=5588
- '%APPDATA%\Mining\coin-miner.exe' /pid=3480
- '%APPDATA%\Mining\coin-miner.exe' /pid=4608
- '%APPDATA%\Mining\coin-miner.exe' /pid=3028
- '%APPDATA%\Mining\coin-miner.exe' /pid=3460
- '%APPDATA%\Mining\coin-miner.exe' /pid=2700
- '%APPDATA%\Mining\coin-miner.exe' /pid=5040
- '%APPDATA%\Mining\coin-miner.exe' /pid=8184
- '%APPDATA%\Mining\coin-miner.exe' /pid=2880
- '%APPDATA%\Mining\coin-miner.exe' /pid=5508
- '%APPDATA%\Mining\coin-miner.exe' /pid=4528
- '%APPDATA%\Mining\coin-miner.exe' /pid=5208
- '%APPDATA%\Mining\coin-miner.exe' /pid=5716
- '%APPDATA%\Mining\coin-miner.exe' /pid=1388
- '%APPDATA%\Mining\coin-miner.exe' /pid=5008
- '%APPDATA%\Mining\coin-miner.exe' /pid=5080
- '%APPDATA%\Mining\coin-miner.exe' /pid=4720
- '%APPDATA%\Mining\coin-miner.exe' /pid=4628
- '%APPDATA%\Mining\coin-miner.exe' /pid=5140
- '%APPDATA%\Mining\coin-miner.exe' /pid=5656
- '%APPDATA%\Mining\coin-miner.exe' /pid=3960
- '%APPDATA%\Mining\coin-miner.exe' /pid=3528
- '%APPDATA%\Mining\coin-miner.exe' /pid=3388
- '%APPDATA%\Mining\coin-miner.exe' /pid=5968
- '%APPDATA%\Mining\coin-miner.exe' /pid=5756
- '%APPDATA%\Mining\coin-miner.exe' /pid=3180
- '%APPDATA%\Mining\coin-miner.exe' /pid=3160
- '%APPDATA%\Mining\coin-miner.exe' /pid=5332
- '%APPDATA%\Mining\coin-miner.exe' /pid=5060
- '%APPDATA%\Mining\coin-miner.exe' /pid=3280
- '%APPDATA%\Mining\coin-miner.exe' /pid=296
- '%APPDATA%\Mining\coin-miner.exe' (downloaded from the Internet)
- %APPDATA%\Mining\coin-miner.exe
- from <Full path to virus> to %APPDATA%\Mining\Mining.exe (the sample's own file ends up at the path the Run value points to)
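- '19#.#3.167.160':80 (connection to TCP port 80; two digits of the address are masked with '#' in the report, so it cannot be used for blocking or matching as written)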
- 'wp#d':80
- 19#.#3.167.160/sil1001/UFA.exe
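- wp#d/wpad.dat (request for the Web Proxy Auto-Discovery file; Windows issues this lookup itself when proxy auto-detection is enabled, so this entry and the DNS query for the same name are probably not specific to the sample)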
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: '(null)'