Technical Information (sandbox-observed behaviour: persistence through an HKCU ...\CurrentVersion\Run value, a self-copy into %APPDATA%\Microsoft\, many re-launches of Drive.exe with a /pid= argument, one launch with miner-style arguments (-a sha256, a getwork pool URL on port 8332, -t 1), a download of UFA.exe from a redacted IP over port 80, and a WPAD lookup; note that the Run value points at Driver.exe while the observed launches are Drive.exe)
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows' = '%APPDATA%\Microsoft\Driver.exe'
- '%APPDATA%\Microsoft\Drive.exe' /pid=2876
- '%APPDATA%\Microsoft\Drive.exe' /pid=6436
- '%APPDATA%\Microsoft\Drive.exe' /pid=6232
- '%APPDATA%\Microsoft\Drive.exe' /pid=4736
- '%APPDATA%\Microsoft\Drive.exe' /pid=6680
- '%APPDATA%\Microsoft\Drive.exe' /pid=4168
- '%APPDATA%\Microsoft\Drive.exe' /pid=6236
- '%APPDATA%\Microsoft\Drive.exe' /pid=6620
- '%APPDATA%\Microsoft\Drive.exe' /pid=7696
- '%APPDATA%\Microsoft\Drive.exe' /pid=7948
- '%APPDATA%\Microsoft\Drive.exe' /pid=8084
- '%APPDATA%\Microsoft\Drive.exe' /pid=8180
- '%APPDATA%\Microsoft\Drive.exe' /pid=7016
- '%APPDATA%\Microsoft\Drive.exe' /pid=7176
- '%APPDATA%\Microsoft\Drive.exe' /pid=6980
- '%APPDATA%\Microsoft\Drive.exe' /pid=6392
- '%APPDATA%\Microsoft\Drive.exe' /pid=2448
- '%APPDATA%\Microsoft\Drive.exe' /pid=7592
- '%APPDATA%\Microsoft\Drive.exe' /pid=7912
- '%APPDATA%\Microsoft\Drive.exe' /pid=7892
- '%APPDATA%\Microsoft\Drive.exe' /pid=7772
- '%APPDATA%\Microsoft\Drive.exe' /pid=7480
- '%APPDATA%\Microsoft\Drive.exe' /pid=7272
- '%APPDATA%\Microsoft\Drive.exe' /pid=7928
- '%APPDATA%\Microsoft\Drive.exe' /pid=7640
- '%APPDATA%\Microsoft\Drive.exe' /pid=2980
- '%APPDATA%\Microsoft\Drive.exe' /pid=1388
- '%APPDATA%\Microsoft\Drive.exe' /pid=3060
- '%APPDATA%\Microsoft\Drive.exe' /pid=3568
- '%APPDATA%\Microsoft\Drive.exe' /pid=8160
- '%APPDATA%\Microsoft\Drive.exe' /pid=8120
- '%APPDATA%\Microsoft\Drive.exe' /pid=296
- '%APPDATA%\Microsoft\Drive.exe' /pid=3380
- '%APPDATA%\Microsoft\Drive.exe' /pid=6540
- '%APPDATA%\Microsoft\Drive.exe' /pid=6160
- '%APPDATA%\Microsoft\Drive.exe' /pid=5712
- '%APPDATA%\Microsoft\Drive.exe' /pid=6156
- '%APPDATA%\Microsoft\Drive.exe' /pid=7716
- '%APPDATA%\Microsoft\Drive.exe' /pid=3560
- '%APPDATA%\Microsoft\Drive.exe' /pid=1500
- '%APPDATA%\Microsoft\Drive.exe' /pid=3260
- '%APPDATA%\Microsoft\Drive.exe' /pid=6216
- '%APPDATA%\Microsoft\Drive.exe' /pid=7780
- '%APPDATA%\Microsoft\Drive.exe' /pid=5056
- '%APPDATA%\Microsoft\Drive.exe' /pid=5912
- '%APPDATA%\Microsoft\Drive.exe' /pid=5540
- '%APPDATA%\Microsoft\Drive.exe' /pid=2612
- '%APPDATA%\Microsoft\Drive.exe' /pid=7876
- '%APPDATA%\Microsoft\Drive.exe' /pid=6880
- '%APPDATA%\Microsoft\Drive.exe' /pid=3048
- '%APPDATA%\Microsoft\Drive.exe' /pid=4368
- '%APPDATA%\Microsoft\Drive.exe' /pid=5780
- '%APPDATA%\Microsoft\Drive.exe' /pid=6740
- '%APPDATA%\Microsoft\Drive.exe' /pid=5832
- '%APPDATA%\Microsoft\Drive.exe' /pid=2900
- '%APPDATA%\Microsoft\Drive.exe' /pid=8188
- '%APPDATA%\Microsoft\Drive.exe' /pid=8044
- '%APPDATA%\Microsoft\Drive.exe' /pid=3100
- '%APPDATA%\Microsoft\Drive.exe' /pid=7596
- '%APPDATA%\Microsoft\Drive.exe' /pid=7376
- '%APPDATA%\Microsoft\Drive.exe' /pid=8124
- '%APPDATA%\Microsoft\Drive.exe' /pid=7500
- '%APPDATA%\Microsoft\Drive.exe' /pid=6412
- '%APPDATA%\Microsoft\Drive.exe' /pid=6312
- '%APPDATA%\Microsoft\Drive.exe' /pid=5156
- '%APPDATA%\Microsoft\Drive.exe' /pid=6652
- '%APPDATA%\Microsoft\Drive.exe' /pid=7196
- '%APPDATA%\Microsoft\Drive.exe' /pid=7192
- '%APPDATA%\Microsoft\Drive.exe' /pid=7336
- '%APPDATA%\Microsoft\Drive.exe' /pid=7436
- '%APPDATA%\Microsoft\Drive.exe' /pid=6776
- '%APPDATA%\Microsoft\Drive.exe' /pid=6716
- '%APPDATA%\Microsoft\Drive.exe' /pid=7136
- '%APPDATA%\Microsoft\Drive.exe' /pid=6976
- '%APPDATA%\Microsoft\Drive.exe' /pid=8100
- '%APPDATA%\Microsoft\Drive.exe' /pid=8064
- '%APPDATA%\Microsoft\Drive.exe' /pid=4876
- '%APPDATA%\Microsoft\Drive.exe' /pid=4376
- '%APPDATA%\Microsoft\Drive.exe' /pid=7676
- '%APPDATA%\Microsoft\Drive.exe' /pid=7512
- '%APPDATA%\Microsoft\Drive.exe' /pid=7816
- '%APPDATA%\Microsoft\Drive.exe' /pid=7756
- '%APPDATA%\Microsoft\Drive.exe' /pid=4256
- '%APPDATA%\Microsoft\Drive.exe' /pid=4656
- '%APPDATA%\Microsoft\Drive.exe' /pid=6140
- '%APPDATA%\Microsoft\Drive.exe' /pid=1680
- '%APPDATA%\Microsoft\Drive.exe' /pid=5136
- '%APPDATA%\Microsoft\Drive.exe' -a sha256 -o http://1N################Tnctpu5YDnL4u8J4:x@getwork.mining.eligius.st:8332 -T 75 -l yes -t 1
- '%APPDATA%\Microsoft\Drive.exe' /pid=4856
- '%APPDATA%\Microsoft\Drive.exe' /pid=6516
- '%APPDATA%\Microsoft\Drive.exe' /pid=5560
- '%APPDATA%\Microsoft\Drive.exe' /pid=5660
- '%APPDATA%\Microsoft\Drive.exe' /pid=6612
- '%APPDATA%\Microsoft\Drive.exe' /pid=6256
- '%APPDATA%\Microsoft\Drive.exe' /pid=6336
- '%APPDATA%\Microsoft\Drive.exe' /pid=6040
- '%APPDATA%\Microsoft\Drive.exe' /pid=5760
- '%APPDATA%\Microsoft\Drive.exe' /pid=6576
- '%APPDATA%\Microsoft\Drive.exe' /pid=2744
- '%APPDATA%\Microsoft\Drive.exe' /pid=5212
- '%APPDATA%\Microsoft\Drive.exe' /pid=6640
- '%APPDATA%\Microsoft\Drive.exe' /pid=5692
- '%APPDATA%\Microsoft\Drive.exe' /pid=4336
- '%APPDATA%\Microsoft\Drive.exe' /pid=6276
- '%APPDATA%\Microsoft\Drive.exe' /pid=6296
- '%APPDATA%\Microsoft\Drive.exe' /pid=5632
- '%APPDATA%\Microsoft\Drive.exe' /pid=6660
- '%APPDATA%\Microsoft\Drive.exe' /pid=7076
- '%APPDATA%\Microsoft\Drive.exe' /pid=6812
- '%APPDATA%\Microsoft\Drive.exe' /pid=7172
- '%APPDATA%\Microsoft\Drive.exe' /pid=6952
- '%APPDATA%\Microsoft\Drive.exe' /pid=4636
- '%APPDATA%\Microsoft\Drive.exe' /pid=4236
- '%APPDATA%\Microsoft\Drive.exe' /pid=6120
- '%APPDATA%\Microsoft\Drive.exe' /pid=6796
- '%APPDATA%\Microsoft\Drive.exe' /pid=4768
- '%APPDATA%\Microsoft\Drive.exe' /pid=1584
- '%APPDATA%\Microsoft\Drive.exe' /pid=4868
- '%APPDATA%\Microsoft\Drive.exe' /pid=4748
- '%APPDATA%\Microsoft\Drive.exe' /pid=3880
- '%APPDATA%\Microsoft\Drive.exe' /pid=3180
- '%APPDATA%\Microsoft\Drive.exe' /pid=2616
- '%APPDATA%\Microsoft\Drive.exe' /pid=4060
- '%APPDATA%\Microsoft\Drive.exe' /pid=5460
- '%APPDATA%\Microsoft\Drive.exe' /pid=6496
- '%APPDATA%\Microsoft\Drive.exe' /pid=5960
- '%APPDATA%\Microsoft\Drive.exe' /pid=5260
- '%APPDATA%\Microsoft\Drive.exe' /pid=6356
- '%APPDATA%\Microsoft\Drive.exe' /pid=4968
- '%APPDATA%\Microsoft\Drive.exe' /pid=6196
- '%APPDATA%\Microsoft\Drive.exe' /pid=5048
- '%APPDATA%\Microsoft\Drive.exe' (downloaded from the Internet)
- %APPDATA%\Microsoft\Drive.exe
- from <Full path to virus> to %APPDATA%\Microsoft\Driver.exe
- '19#.#3.167.160':80
- 'wp#d':80
- 19#.#3.167.160/sil1001/UFA.exe
- wp#d/wpad.dat
- DNS ASK wp#d
- ClassName: 'Indicator' WindowName: '(null)'