Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\DrToolKrl] 'ImagePath' = 'system32\drivers\DrToolKrl.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\DrToolKrl] 'Start' = '00000000'
- NtTerminateProcess, handler: DrToolKrl.sys
- NtOpenProcess, handler: DrToolKrl.sys
- <DRIVERS>\DrToolKrl.sys
- 'bl##.#ina.com.cn':80
- http://bl##.#ina.com.cn/s/blog_17d0f98830102x7fw.html
- DNS ASK bl##.#ina.com.cn