Tiggre!rfn (also named TROJ_DIGMINEIN.A (Trend Micro), Trojan.GenericKD.12694003 (BitDefender), W32/Autoit.CGO!tr (Fortinet)) is a Trojan on Microsoft Windows that mines cryptocurrency off of the user's computer.


The program is sent out to be a video file, however, when run, it actually is a script. Once the user runs the program and their computer is infected, the Trojan modifies registry entires.

It drops an executable called 'cherry.exe' to run in the background. It can be found under:

%Application Data%\{User name}\cherry.exe.

The Trojan disables security software (such as antiviruses) on the user's computer.


Once the program starts to mine cryptocurrency, the CPU usage and GPU preformance on the user's computer will behave sluggishly and using simple programs may slow down computer responses to a halt.

Eventually, if the program mines for a long period of time, the CPU could overheat and become damaged beyond repair.