Technical Information
- '%APPDATA%\Mining\FindingC.exe' /pid=6856
- '%APPDATA%\Mining\FindingC.exe' /pid=6692
- '%APPDATA%\Mining\FindingC.exe' /pid=7092
- '%APPDATA%\Mining\FindingC.exe' /pid=7076
- '%APPDATA%\Mining\FindingC.exe' /pid=6496
- '%APPDATA%\Mining\FindingC.exe' /pid=6376
- '%APPDATA%\Mining\FindingC.exe' /pid=6596
- '%APPDATA%\Mining\FindingC.exe' /pid=6552
- '%APPDATA%\Mining\FindingC.exe' /pid=7652
- '%APPDATA%\Mining\FindingC.exe' /pid=7556
- '%APPDATA%\Mining\FindingC.exe' /pid=7916
- '%APPDATA%\Mining\FindingC.exe' /pid=7816
- '%APPDATA%\Mining\FindingC.exe' /pid=7336
- '%APPDATA%\Mining\FindingC.exe' /pid=7156
- '%APPDATA%\Mining\FindingC.exe' /pid=7492
- '%APPDATA%\Mining\FindingC.exe' /pid=7436
- '%APPDATA%\Mining\FindingC.exe' /pid=4496
- '%APPDATA%\Mining\FindingC.exe' /pid=4216
- '%APPDATA%\Mining\FindingC.exe' /pid=3616
- '%APPDATA%\Mining\FindingC.exe' /pid=6100
- '%APPDATA%\Mining\FindingC.exe' /pid=3036
- '%APPDATA%\Mining\FindingC.exe' /pid=3496
- '%APPDATA%\Mining\FindingC.exe' /pid=4484
- '%APPDATA%\Mining\FindingC.exe' /pid=5488
- '%APPDATA%\Mining\FindingC.exe' /pid=6148
- '%APPDATA%\Mining\FindingC.exe' /pid=5244
- '%APPDATA%\Mining\FindingC.exe' /pid=6272
- '%APPDATA%\Mining\FindingC.exe' /pid=6256
- '%APPDATA%\Mining\FindingC.exe' /pid=3996
- '%APPDATA%\Mining\FindingC.exe' /pid=5728
- '%APPDATA%\Mining\FindingC.exe' /pid=2652
- '%APPDATA%\Mining\FindingC.exe' /pid=4184
- '%APPDATA%\Mining\FindingC.exe' /pid=7936
- '%APPDATA%\Mining\FindingC.exe' /pid=8132
- '%APPDATA%\Mining\FindingC.exe' /pid=2828
- '%APPDATA%\Mining\FindingC.exe' /pid=6292
- '%APPDATA%\Mining\FindingC.exe' /pid=3716
- '%APPDATA%\Mining\FindingC.exe' /pid=8096
- '%APPDATA%\Mining\FindingC.exe' /pid=7980
- '%APPDATA%\Mining\FindingC.exe' /pid=8052
- '%APPDATA%\Mining\FindingC.exe' /pid=8036
- '%APPDATA%\Mining\FindingC.exe' /pid=6816
- '%APPDATA%\Mining\FindingC.exe' /pid=6932
- '%APPDATA%\Mining\FindingC.exe' /pid=7760
- '%APPDATA%\Mining\FindingC.exe' /pid=7372
- '%APPDATA%\Mining\FindingC.exe' /pid=6380
- '%APPDATA%\Mining\FindingC.exe' /pid=6312
- '%APPDATA%\Mining\FindingC.exe' /pid=6172
- '%APPDATA%\Mining\FindingC.exe' /pid=6960
- '%APPDATA%\Mining\FindingC.exe' /pid=3896
- '%APPDATA%\Mining\FindingC.exe' /pid=2428
- '%APPDATA%\Mining\FindingC.exe' /pid=6360
- '%APPDATA%\Mining\FindingC.exe' /pid=6192
- '%APPDATA%\Mining\FindingC.exe' /pid=8152
- '%APPDATA%\Mining\FindingC.exe' /pid=8076
- '%APPDATA%\Mining\FindingC.exe' /pid=5528
- '%APPDATA%\Mining\FindingC.exe' /pid=8172
- '%APPDATA%\Mining\FindingC.exe' /pid=7280
- '%APPDATA%\Mining\FindingC.exe' /pid=7072
- '%APPDATA%\Mining\FindingC.exe' /pid=7640
- '%APPDATA%\Mining\FindingC.exe' /pid=7480
- '%APPDATA%\Mining\FindingC.exe' /pid=6592
- '%APPDATA%\Mining\FindingC.exe' /pid=6432
- '%APPDATA%\Mining\FindingC.exe' /pid=6892
- '%APPDATA%\Mining\FindingC.exe' /pid=6756
- '%APPDATA%\Mining\FindingC.exe' /pid=5808
- '%APPDATA%\Mining\FindingC.exe' /pid=5296
- '%APPDATA%\Mining\FindingC.exe' /pid=5888
- '%APPDATA%\Mining\FindingC.exe' /pid=5908
- '%APPDATA%\Mining\FindingC.exe' /pid=5364
- '%APPDATA%\Mining\FindingC.exe' /pid=4744
- '%APPDATA%\Mining\FindingC.exe' /pid=4876
- '%APPDATA%\Mining\FindingC.exe' /pid=5316
- '%APPDATA%\Mining\FindingC.exe' /pid=3016
- '%APPDATA%\Mining\FindingC.exe' /pid=4864
- '%APPDATA%\Mining\FindingC.exe' /pid=4264
- '%APPDATA%\Mining\FindingC.exe' /pid=2692
- '%APPDATA%\Mining\FindingC.exe' /pid=5660
- '%APPDATA%\Mining\FindingC.exe' /pid=4984
- '%APPDATA%\Mining\FindingC.exe' /pid=3436
- '%APPDATA%\Mining\FindingC.exe' /pid=3336
- '%APPDATA%\Mining\FindingC.exe' /pid=5740
- '%APPDATA%\Mining\FindingC.exe' /pid=748
- '%APPDATA%\Mining\FindingC.exe' /pid=4964
- '%APPDATA%\Mining\FindingC.exe' /pid=3816
- '%APPDATA%\Mining\FindingC.exe' /pid=4996
- '%APPDATA%\Mining\FindingC.exe' -a sha256 -o http://Un##############_Workers:khpass@eu.triplemining.com:8344 -t 1 -T 83 -l yes
- '%APPDATA%\Mining\FindingC.exe' /pid=5480
- '%APPDATA%\Mining\FindingC.exe' /pid=5216
- '%APPDATA%\Mining\FindingC.exe' /pid=5144
- '%APPDATA%\Mining\FindingC.exe' /pid=1368
- '%APPDATA%\Mining\FindingC.exe' /pid=5236
- '%APPDATA%\Mining\FindingC.exe' /pid=5044
- '%APPDATA%\Mining\FindingC.exe' /pid=4464
- '%APPDATA%\Mining\FindingC.exe' /pid=4084
- '%APPDATA%\Mining\FindingC.exe' /pid=1692
- '%APPDATA%\Mining\FindingC.exe' /pid=3216
- '%APPDATA%\Mining\FindingC.exe' /pid=5568
- '%APPDATA%\Mining\FindingC.exe' /pid=5016
- '%APPDATA%\Mining\FindingC.exe' /pid=5124
- '%APPDATA%\Mining\FindingC.exe' /pid=5768
- '%APPDATA%\Mining\FindingC.exe' /pid=784
- '%APPDATA%\Mining\FindingC.exe' /pid=4296
- '%APPDATA%\Mining\FindingC.exe' /pid=2808
- '%APPDATA%\Mining\FindingC.exe' /pid=5336
- '%APPDATA%\Mining\FindingC.exe' /pid=3836
- '%APPDATA%\Mining\FindingC.exe' /pid=2752
- '%APPDATA%\Mining\FindingC.exe' /pid=4244
- '%APPDATA%\Mining\FindingC.exe' /pid=3084
- '%APPDATA%\Mining\FindingC.exe' /pid=4576
- '%APPDATA%\Mining\FindingC.exe' /pid=3296
- '%APPDATA%\Mining\FindingC.exe' /pid=5560
- '%APPDATA%\Mining\FindingC.exe' /pid=5500
- '%APPDATA%\Mining\FindingC.exe' /pid=5344
- '%APPDATA%\Mining\FindingC.exe' /pid=3396
- '%APPDATA%\Mining\FindingC.exe' /pid=5648
- '%APPDATA%\Mining\FindingC.exe' /pid=5508
- '%APPDATA%\Mining\FindingC.exe' /pid=4344
- '%APPDATA%\Mining\FindingC.exe' /pid=5840
- '%APPDATA%\Mining\FindingC.exe' /pid=6020
- '%APPDATA%\Mining\FindingC.exe' /pid=5920
- '%APPDATA%\Mining\FindingC.exe' /pid=2728
- '%APPDATA%\Mining\FindingC.exe' /pid=3936
- '%APPDATA%\Mining\FindingC.exe' /pid=5720
- '%APPDATA%\Mining\FindingC.exe' /pid=480
- '%APPDATA%\Mining\FindingC.exe' /pid=6088
- '%APPDATA%\Mining\FindingC.exe' /pid=6108
- '%APPDATA%\Mining\FindingC.exe' /pid=3536
- '%APPDATA%\Mining\FindingC.exe' /pid=5788
- '%APPDATA%\Mining\FindingC.exe' (downloaded from the Internet)
- %APPDATA%\Mining\FindingC.exe
- from <Full path to virus> to %APPDATA%\Mining\Finder.exe
- 'de#####.googlecode.com':80
- 'wp#d':80
- de#####.googlecode.com/files/Drefrag.exe
- wp#d/wpad.dat
- DNS ASK de#####.googlecode.com
- DNS ASK wp#d