According to the Tencent Mi Jian Security Threat Intelligence Center, the Tencent Security Threat Intelligence Center found that the breadth of a sample has increased suddenly. The anomaly has triggered an automatic alarm. The data shows that the sample ’s active volume increased 20 times on March 29. The regional distribution was clearly concentrated, mainly concentrated in a certain place in Hunan (later it was determined that the victim was an Internet cafe LAN). The sample hsah was entered into Tencent's intelligent security system for retrieval analysis. The results showed that the virus sample belongs to the NSABuffMiner family of mining trojans. While the attacker was controlling the broiler computer to mine for himself, he uninstalled the mining Trojans of the Mykings and WannaMiner families.