TelemetricSys.exe CPU Miner (Threat Database: Potentially Unwanted Programs)

The TelemetricSys.exe CPU Miner is a cryptocurrency mining tool that black hat hackers use to earn money. It is dropped onto computers that have previously been infected with a Trojan dropper, or reaches them when the user follows links to insecure pages that host the TelemetricSys.exe CPU Miner. Initial analysis of TelemetricSys.exe showed that it is based on the XMRig open-source utility (github[.]com/xmrig/xmrig). Anonymous software developers flooded PC users with various modified versions of XMRig throughout the last two months of 2017 and the start of 2018.

The TelemetricSys.exe CPU Miner may be delivered to systems via phishing emails, corrupted ads and Trojan downloaders. Usually, the TelemetricSys.exe CPU Miner can be found under the C:\Users\username\AppData\TelemetricSys\ folder; it carries the company name 'TelemetricSys Inc.' in its file properties but lacks a valid digital signature. PC users who have the TelemetricSys.exe file on their local disks are likely to notice a TelemetricSys.exe entry in Task Manager that has no description and shows no file path. The TelemetricSys.exe CPU Miner is programmed to obstruct manual removal attempts and to hijack more than 90% of the available processing power. Hence, applications such as office suites, Web browsers, media players and games are likely to stop responding or crash when you double-click their icons. As mentioned above, the creators of the TelemetricSys.exe CPU Miner have released many versions, which include the following executables:

Amworker.exe, Bcompare.exe, Bitcoin-miner.exe, Brhost.exe, CRMSvc.exe, Calc.exe, Com Surrogate.exe, Comime.exe, Cpugpu.exe, Csrcs.exe, Dllchost.exe, DreamCompress.exe, Dwnclear.exe, Excavator.exe, Fix.exe, GoogleUpdat.exe, Googleupdat.exe, HPDriver64.exe, HandlerExecution.exe, Hfdgghfff.exe, Hpdriver64.exe, Img002.exe, IntelService.exe, Intelmain.exe, Intelservice.exe, Jusched.exe, Launcher.exe, Lsmos.exe, MSVCCUDA.exe, Micirsoftl64.exe, Mnhost.exe, Msiexec.exe, Msttc.exe, Mswinlib.exe, Nssm.exe, Nthsot.exe, Ntshot.exe, Qsxc.exe, Relax.exe, ST.exe, Searchfilterhost.exe, Serve.exe, Servicecs.exe, Setrup.exe, Sgminer.exe, Sql59.exe, Swf.exe, SystemDrivers.exe, Systemf0d7.exe, Systemgo.exe, Systemhost.exe, Taskmg.exe, TelemetricSys.exe, Websock.exe, Win1nit.exe, Win32.exe, Winpoint.exe, Wirstmgsvc.exe, X64.exe, Xbooster.exe, Xdediclogcleaner.exe, Xerography.exe, Xmr-stak-cpu.exe, Xmr-stak.exe, Yquw.exe, crss.exe, debug64.exe, dfgfrdgu.exe, dlchosts.exe, ebashit.exe, etdctrl.exe, faceinfo.exe, flash_pl_update_v719.exe, iexplore.exe, joinResult.exe, keywordservice.exe, magnet-qt.exe, mswinlib.exe, nirolxp.exe, nssm.exe, photo.exe, psnzmtr.exe, rebuild.exe, rickospacedout.exe, rkcybere.exe, sae.exe, spoolsr.exe, st.exe, supreme.exe, svshpst.exe, systemupdates.exe, tufitede.exe, tunecontrols.exe, updatehost.exe, updatex.exe, wiaobscsvc.exe, winminer.exe, winnetsvces.exe, xm64.exe, xmrig[1].exe.

The TelemetricSys.exe CPU Miner and related variants are reported to drop files at the following paths:

C:\Program Files (x86)\Adobe\Adobe Flash Player\FaceInfo.exe
C:\Program Files (x86)\Adobe\Adobe Flash Player\keywordservice.exe
C:\Program Files (x86)\Common Files\svshpst.exe
C:\Users\username\AppData\Microsoft\Windows\Start menu\Programs\Photo.exe
C:\Users\username\AppData\Roaming\Microsoft\Windows\Start menu\Programs\Startup\flash_pl_update_v719.exe
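The following PowerShell triage script is an added example and is not code from the original entry or from the XMRig project. It checks a Windows host for the indicators described above: the drop paths listed, a running process carrying one of the listed executable names, a binary whose version information names 'TelemetricSys Inc.' but has no valid Authenticode signature, and any process consuming roughly the 90%-plus CPU the entry describes. The name list is a subset of the executables listed in the entry; checking both the Local and Roaming AppData folders (the entry gives the path without that qualifier) and the use of Win32_PerfFormattedData_PerfProc_Process for per-process CPU are assumptions made for this example.

```powershell
# Added example (not from the original entry): hunt for the TelemetricSys.exe
# CPU Miner indicators on the local host. Run from an elevated PowerShell
# prompt so that process paths and signatures of all users' processes are readable.

# Subset of the executable names listed in the entry (assumed sufficient for the demo).
$MinerNames = @(
    'TelemetricSys.exe', 'Xmr-stak-cpu.exe', 'Xmr-stak.exe', 'Sgminer.exe',
    'Bitcoin-miner.exe', 'Winminer.exe', 'Excavator.exe', 'IntelService.exe',
    'GoogleUpdat.exe', 'Searchfilterhost.exe', 'svshpst.exe', 'faceinfo.exe',
    'keywordservice.exe', 'flash_pl_update_v719.exe', 'xmrig[1].exe'
)

# Drop locations from the entry. The entry gives "AppData\TelemetricSys" without
# a Local/Roaming qualifier, so both are checked (assumption).
$DropPaths = @(
    "$env:LOCALAPPDATA\TelemetricSys",
    "$env:APPDATA\TelemetricSys",
    "${env:ProgramFiles(x86)}\Adobe\Adobe Flash Player\FaceInfo.exe",
    "${env:ProgramFiles(x86)}\Adobe\Adobe Flash Player\keywordservice.exe",
    "${env:ProgramFiles(x86)}\Common Files\svshpst.exe",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup\flash_pl_update_v719.exe"
)

$Findings = @()

# 1. Known drop paths present on disk?
foreach ($p in $DropPaths) {
    if (Test-Path -LiteralPath $p) {
        $Findings += [pscustomobject]@{ Check = 'DropPath'; Detail = $p }
    }
}

# 2. Per-process CPU, normalised to the whole machine (PercentProcessorTime is
#    relative to one core, so divide by the core count). PID 0 is the Idle process.
$cores    = [int]$env:NUMBER_OF_PROCESSORS
$cpuByPid = @{}
Get-CimInstance Win32_PerfFormattedData_PerfProc_Process |
    Where-Object { $_.IDProcess -ne 0 } |
    ForEach-Object { $cpuByPid[[int]$_.IDProcess] = $_.PercentProcessorTime / $cores }

# 3. Walk running processes: listed names, unsigned 'TelemetricSys Inc.' binaries,
#    and anything at or above the ~90% CPU the entry describes.
foreach ($proc in Get-CimInstance Win32_Process) {
    $name   = $proc.Name
    $path   = $proc.ExecutablePath
    $procId = [int]$proc.ProcessId

    # -contains is case-insensitive, so the case variants in the entry's list
    # (Nssm.exe / nssm.exe, ST.exe / st.exe) are all matched.
    if ($MinerNames -contains $name) {
        $Findings += [pscustomobject]@{ Check = 'KnownMinerName'; Detail = "$name (PID $procId) $path" }
    }

    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig     = Get-AuthenticodeSignature -FilePath $path
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        if ($company -like '*TelemetricSys*' -and $sig.Status -ne 'Valid') {
            $Findings += [pscustomobject]@{
                Check  = 'UnsignedTelemetricSysBinary'
                Detail = "$path company='$company' signature=$($sig.Status)"
            }
        }
    }

    if ($cpuByPid.ContainsKey($procId) -and $cpuByPid[$procId] -ge 90) {
        $Findings += [pscustomobject]@{
            Check  = 'HighCpu'
            Detail = ("{0} (PID {1}) {2:N0}% of total CPU" -f $name, $procId, $cpuByPid[$procId])
        }
    }
}

if ($Findings.Count -eq 0) { 'No TelemetricSys.exe CPU Miner indicators found.' }
else { $Findings | Sort-Object Check | Format-Table -AutoSize }
```

A hit on 'KnownMinerName' alone is not conclusive, since several names in the entry's list (Calc.exe, Msiexec.exe, iexplore.exe, Jusched.exe) are also legitimate Windows or vendor binaries; the path and signature columns are what separate a masquerading copy from the real file. Because the miner is reported to resist manual removal, treat a positive result as the starting point for isolation and a full scan with a tool that recognises the detection names below rather than as a prompt to delete the file by hand.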

Antivirus vendors use the following detection names for the TelemetricSys.exe CPU Miner:

  • Application.BitCoinMiner
  • JS:Miner-C [Trj]
  • PUA.CoinMiner
  • Riskware.Miner
  • TROJ_GEN.R002H09B518
  • W32/CoinMiner
  • Win32/Trojan.d50
  • malicious_confidence_60% (D)
