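Technical Information ('#' characters in the addresses and names below appear to be masking applied in the source report, not part of the actual values)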
- Persistence (per-user autorun value): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Startup' = '%APPDATA%\Mining\chat.exe'
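- Repeated launches of coin-miner.exe with a /pid=<number> argument follow; the numbers are presumably specific to this analysis run, so match on the image path and argument form rather than on a particular value:
- '%APPDATA%\Mining\coin-miner.exe' /pid=6828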
- '%APPDATA%\Mining\coin-miner.exe' /pid=6628
- '%APPDATA%\Mining\coin-miner.exe' /pid=7028
- '%APPDATA%\Mining\coin-miner.exe' /pid=6848
- '%APPDATA%\Mining\coin-miner.exe' /pid=6368
- '%APPDATA%\Mining\coin-miner.exe' /pid=6268
- '%APPDATA%\Mining\coin-miner.exe' /pid=6564
- '%APPDATA%\Mining\coin-miner.exe' /pid=6528
- '%APPDATA%\Mining\coin-miner.exe' /pid=7148
- '%APPDATA%\Mining\coin-miner.exe' /pid=7748
- '%APPDATA%\Mining\coin-miner.exe' /pid=7648
- '%APPDATA%\Mining\coin-miner.exe' /pid=7964
- '%APPDATA%\Mining\coin-miner.exe' /pid=7828
- '%APPDATA%\Mining\coin-miner.exe' /pid=7328
- '%APPDATA%\Mining\coin-miner.exe' /pid=7184
- '%APPDATA%\Mining\coin-miner.exe' /pid=7408
- '%APPDATA%\Mining\coin-miner.exe' /pid=7508
- '%APPDATA%\Mining\coin-miner.exe' /pid=3436
- '%APPDATA%\Mining\coin-miner.exe' /pid=4144
- '%APPDATA%\Mining\coin-miner.exe' /pid=6048
- '%APPDATA%\Mining\coin-miner.exe' /pid=5152
- '%APPDATA%\Mining\coin-miner.exe' /pid=5908
- '%APPDATA%\Mining\coin-miner.exe' /pid=5032
- '%APPDATA%\Mining\coin-miner.exe' /pid=5876
- '%APPDATA%\Mining\coin-miner.exe' /pid=984
- '%APPDATA%\Mining\coin-miner.exe' /pid=2936
- '%APPDATA%\Mining\coin-miner.exe' /pid=6172
- '%APPDATA%\Mining\coin-miner.exe' /pid=4312
- '%APPDATA%\Mining\coin-miner.exe' /pid=6164
- '%APPDATA%\Mining\coin-miner.exe' /pid=6312
- '%APPDATA%\Mining\coin-miner.exe' /pid=5676
- '%APPDATA%\Mining\coin-miner.exe' /pid=5708
- '%APPDATA%\Mining\coin-miner.exe' /pid=8188
- '%APPDATA%\Mining\coin-miner.exe' /pid=5956
- '%APPDATA%\Mining\coin-miner.exe' /pid=8028
- '%APPDATA%\Mining\coin-miner.exe' /pid=5528
- '%APPDATA%\Mining\coin-miner.exe' /pid=2524
- '%APPDATA%\Mining\coin-miner.exe' /pid=6932
- '%APPDATA%\Mining\coin-miner.exe' /pid=6592
- '%APPDATA%\Mining\coin-miner.exe' /pid=8008
- '%APPDATA%\Mining\coin-miner.exe' /pid=8052
- '%APPDATA%\Mining\coin-miner.exe' /pid=7944
- '%APPDATA%\Mining\coin-miner.exe' /pid=7744
- '%APPDATA%\Mining\coin-miner.exe' /pid=6264
- '%APPDATA%\Mining\coin-miner.exe' /pid=7308
- '%APPDATA%\Mining\coin-miner.exe' /pid=7092
- '%APPDATA%\Mining\coin-miner.exe' /pid=7504
- '%APPDATA%\Mining\coin-miner.exe' /pid=8172
- '%APPDATA%\Mining\coin-miner.exe' /pid=6888
- '%APPDATA%\Mining\coin-miner.exe' /pid=720
- '%APPDATA%\Mining\coin-miner.exe' /pid=6644
- '%APPDATA%\Mining\coin-miner.exe' /pid=7108
- '%APPDATA%\Mining\coin-miner.exe' /pid=6432
- '%APPDATA%\Mining\coin-miner.exe' /pid=6212
- '%APPDATA%\Mining\coin-miner.exe' /pid=6444
- '%APPDATA%\Mining\coin-miner.exe' /pid=6652
- '%APPDATA%\Mining\coin-miner.exe' /pid=8168
- '%APPDATA%\Mining\coin-miner.exe' /pid=8152
- '%APPDATA%\Mining\coin-miner.exe' /pid=1128
- '%APPDATA%\Mining\coin-miner.exe' /pid=6288
- '%APPDATA%\Mining\coin-miner.exe' /pid=6624
- '%APPDATA%\Mining\coin-miner.exe' /pid=7712
- '%APPDATA%\Mining\coin-miner.exe' /pid=7344
- '%APPDATA%\Mining\coin-miner.exe' /pid=7604
- '%APPDATA%\Mining\coin-miner.exe' /pid=7384
- '%APPDATA%\Mining\coin-miner.exe' /pid=6844
- '%APPDATA%\Mining\coin-miner.exe' /pid=7192
- '%APPDATA%\Mining\coin-miner.exe' /pid=7392
- '%APPDATA%\Mining\coin-miner.exe' /pid=7272
- '%APPDATA%\Mining\coin-miner.exe' /pid=3376
- '%APPDATA%\Mining\coin-miner.exe' /pid=4352
- '%APPDATA%\Mining\coin-miner.exe' /pid=3276
- '%APPDATA%\Mining\coin-miner.exe' /pid=5468
- '%APPDATA%\Mining\coin-miner.exe' /pid=5144
- '%APPDATA%\Mining\coin-miner.exe' /pid=1932
- '%APPDATA%\Mining\coin-miner.exe' /pid=4752
- '%APPDATA%\Mining\coin-miner.exe' /pid=5856
- '%APPDATA%\Mining\coin-miner.exe' /pid=324
- '%APPDATA%\Mining\coin-miner.exe' /pid=4764
- '%APPDATA%\Mining\coin-miner.exe' /pid=5064
- '%APPDATA%\Mining\coin-miner.exe' /pid=5496
- '%APPDATA%\Mining\coin-miner.exe' /pid=2744
- '%APPDATA%\Mining\coin-miner.exe' /pid=5428
- '%APPDATA%\Mining\coin-miner.exe' /pid=3856
- '%APPDATA%\Mining\coin-miner.exe' /pid=3356
- '%APPDATA%\Mining\coin-miner.exe' /pid=4632
- '%APPDATA%\Mining\coin-miner.exe' /pid=4264
- '%APPDATA%\Mining\coin-miner.exe' /pid=316
- '%APPDATA%\Mining\coin-miner.exe' /pid=3656
- '%APPDATA%\Mining\coin-miner.exe' /pid=3756
- '%APPDATA%\Mining\coin-miner.exe' /pid=5368
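- Miner command line (the -o URL embeds credentials in user:password@host:port form, user name partly masked; this is the only unmasked network destination on this page): '%APPDATA%\Mining\coin-miner.exe' -a sha256 -o http://fr####.#####r1:oka8NARr@5.199.171.24:8332 -T 83 -l yes -t 1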
- '%APPDATA%\Mining\coin-miner.exe' /pid=2572
- '%APPDATA%\Mining\coin-miner.exe' /pid=5252
- '%APPDATA%\Mining\coin-miner.exe' /pid=4532
- '%APPDATA%\Mining\coin-miner.exe' /pid=5596
- '%APPDATA%\Mining\coin-miner.exe' /pid=2956
- '%APPDATA%\Mining\coin-miner.exe' /pid=5388
- '%APPDATA%\Mining\coin-miner.exe' /pid=5396
- '%APPDATA%\Mining\coin-miner.exe' /pid=2728
- '%APPDATA%\Mining\coin-miner.exe' /pid=4332
- '%APPDATA%\Mining\coin-miner.exe' /pid=3056
- '%APPDATA%\Mining\coin-miner.exe' /pid=3256
- '%APPDATA%\Mining\coin-miner.exe' /pid=2984
- '%APPDATA%\Mining\coin-miner.exe' /pid=1488
- '%APPDATA%\Mining\coin-miner.exe' /pid=5212
- '%APPDATA%\Mining\coin-miner.exe' /pid=6128
- '%APPDATA%\Mining\coin-miner.exe' /pid=5316
- '%APPDATA%\Mining\coin-miner.exe' /pid=3176
- '%APPDATA%\Mining\coin-miner.exe' /pid=2844
- '%APPDATA%\Mining\coin-miner.exe' /pid=4884
- '%APPDATA%\Mining\coin-miner.exe' /pid=5576
- '%APPDATA%\Mining\coin-miner.exe' /pid=5348
- '%APPDATA%\Mining\coin-miner.exe' /pid=2504
- '%APPDATA%\Mining\coin-miner.exe' /pid=3364
- '%APPDATA%\Mining\coin-miner.exe' /pid=5132
- '%APPDATA%\Mining\coin-miner.exe' /pid=6036
- '%APPDATA%\Mining\coin-miner.exe' /pid=4644
- '%APPDATA%\Mining\coin-miner.exe' /pid=5044
- '%APPDATA%\Mining\coin-miner.exe' /pid=112
- '%APPDATA%\Mining\coin-miner.exe' /pid=5808
- '%APPDATA%\Mining\coin-miner.exe' /pid=2512
- '%APPDATA%\Mining\coin-miner.exe' /pid=4744
- '%APPDATA%\Mining\coin-miner.exe' /pid=4712
- '%APPDATA%\Mining\coin-miner.exe' /pid=3424
- '%APPDATA%\Mining\coin-miner.exe' /pid=4732
- '%APPDATA%\Mining\coin-miner.exe' /pid=5628
- '%APPDATA%\Mining\coin-miner.exe' /pid=748
- '%APPDATA%\Mining\coin-miner.exe' /pid=3836
- '%APPDATA%\Mining\coin-miner.exe' /pid=5568
- '%APPDATA%\Mining\coin-miner.exe' /pid=5636
- '%APPDATA%\Mining\coin-miner.exe' /pid=3876
- '%APPDATA%\Mining\coin-miner.exe' /pid=4984
- '%APPDATA%\Mining\coin-miner.exe' /pid=4544
- '%APPDATA%\Mining\coin-miner.exe' /pid=5244
- '%APPDATA%\Mining\coin-miner.exe' /pid=6056
- '%APPDATA%\Mining\coin-miner.exe' /pid=2756
- '%APPDATA%\Mining\coin-miner.exe' (downloaded from the Internet)
- %APPDATA%\Mining\coin-miner.exe
- Self-installation path (the destination is the same file the Run value above points to): from <Full path to virus> to %APPDATA%\Mining\chat.exe
- '19#.#3.167.160':80
- 'wp#d':80
- 19#.#3.167.160/sil1001/UFA.exe
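- wp#d/wpad.dat (wpad.dat is the Web Proxy Auto-Discovery file name; requests for it are commonly made by the system's own proxy detection, so this entry is likely low-signal as an indicator)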
- DNS query (ASK): wp#d
- ClassName: 'Indicator' WindowName: '(null)'