Technical Information
- <SYSTEM32>\tasks\services32
- <SYSTEM32>\conhost.exe
- %TEMP%\ethminer.exe
- %TEMP%\mercpayload.exe
- 'ip#.#eeip.org':443
- 'microsoft.com':80
- 'ip##pi.com':80
- 'di###rdapp.com':443
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://ip##pi.com//json/
- 'ip#.#eeip.org':443
- 'di###rdapp.com':443
- DNS ASK ip#.#eeip.org
- DNS ASK microsoft.com
- DNS ASK ip##pi.com
- DNS ASK di###rdapp.com
- '%TEMP%\ethminer.exe'
- '%TEMP%\mercpayload.exe'
- '%APPDATA%\services32.exe'
- '%APPDATA%\microsoft\telemetry\sihost32.exe'
- '%TEMP%\ethminer.exe' (with hidden window)
- '%TEMP%\mercpayload.exe' (with hidden window)
- '%APPDATA%\microsoft\telemetry\sihost32.exe' (with hidden window)