64Kilences.exe CPU Miner

The 64Kilences.exe CPU Miner is a program used in crypto-jacking campaigns that lets third parties hijack the processing power of infected PCs and make a profit. It is a customized version of the XMRig software and is used to mine cryptocurrencies like Monero, Bitcoin and Ethereum. Threat actors deliver 64Kilences.exe and variants like 'Msvc.exe' and 'xm32b.exe' to users via adware bundles and corrupted updates for Java.

The '64Kilences.exe' process may have an Autorun key in the Windows Registry so that it runs when Windows boots. The program is designed to use all available processing power on compromised devices for mining. The mining operation involves running complex calculations that help cryptocurrency platforms facilitate secure money transactions. Operators who devote their hardware to mining Monero, Bitcoin, Ethereum and other currency types are given fractions of the total sum of money their devices have processed. That makes for a lucrative business when a new currency emerges, and you have many computers working for you. Threat actors have been busy distributing custom mining tools to "potential" mining rigs and exploiting software vulnerabilities to expand their criminal crypto-mining network.

Compromised users suffer from slow PC performance, program crashes and disrupted video playback, and their CPU load is always at 100%. It is recommended to remove the 64Kilences.exe CPU Miner and related files with the help of a credible cybersecurity scanner. Some of the recent crypto-jacking applications that were registered include:


Associated folders:


Associated detection names:

  • Coinminer_CryptoNight.SM-WIN64
  • Coinminer_TOOLXMR.SMH-WIN64
  • HKTL_COINMINER
  • Trojan.win32.xmr-miner
  • W32/Bitcoin_Miner
  • W32/XMRig_Miner
  • W64/XMRIG.RABW
  • windowsup.exe
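The Autorun persistence described above can be checked directly. The following is an added example, not part of the original page or of any vendor's tooling: it reads the Run and RunOnce keys (assumed here to be the autorun keys the page refers to) and flags values whose executable carries one of the file names this page gives, or sits in a user-writable folder. The folder heuristic is an assumption, and a file name match alone does not prove infection.

```python
import ntpath
import re

# File names given on this page; a name match alone is weak evidence.
PAGE_NAMES = {"64kilences.exe", "msvc.exe", "xm32b.exe"}
# Assumption (not stated by the page): autoruns from user-writable folders merit review.
WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\",
            "%appdata%", "%localappdata%", "%temp%", "%programdata%")
RUN_KEYS = (r"Software\Microsoft\Windows\CurrentVersion\Run",
            r"Software\Microsoft\Windows\CurrentVersion\RunOnce")
_EXE = re.compile(r"^(.+?\.(?:exe|dll|scr|bat|cmd))(?=\s|$)", re.I)

def image_path(command):
    """Extract the executable path from a Run value, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = _EXE.match(command)  # tolerates spaces in unquoted paths
    return m.group(1) if m else command.split(" ", 1)[0]

def classify(command):
    """Return the reasons a Run value deserves a closer look (empty list = none)."""
    low = image_path(command).lower()
    reasons = []
    if ntpath.basename(low) in PAGE_NAMES:
        reasons.append("name-listed-on-page")
    if any(marker in low for marker in WRITABLE):
        reasons.append("user-writable-location")
    return reasons

def scan_run_keys():
    """Windows only: read HKLM/HKCU Run and RunOnce and return flagged entries."""
    import winreg  # imported here so classify() stays usable on any OS
    found = []
    hives = ((winreg.HKEY_LOCAL_MACHINE, "HKLM"), (winreg.HKEY_CURRENT_USER, "HKCU"))
    for hive, label in hives:
        for sub in RUN_KEYS:
            try:
                key = winreg.OpenKey(hive, sub)
            except OSError:
                continue  # key absent or not readable with current rights
            with key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, value, _ = winreg.EnumValue(key, i)
                    reasons = classify(str(value))
                    if reasons:
                        found.append((f"{label}\\{sub}", name, str(value), reasons))
    return found
```

On a Windows host, `scan_run_keys()` returns one tuple per flagged value (key, value name, command, reasons); `classify()` can also be applied to autorun data exported from another machine.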
