Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '<SYSTEM32>\WinRing0x64.sys'
- 'WinRing0_1_2_0' <SYSTEM32>\WinRing0x64.sys
- <SYSTEM32>\cmd.exe
- http://18#.#1.157.186/files/ex/551x64.png
- DNS ASK pa###bin.com
- '<SYSTEM32>\cmd.exe' --background --donate-level 1 --nicehash --keepalive -o 185.81.157.186:8080 -u 443PHqLKctFXBXHe4WJfPh9XcLF3YinfzJkNAet7o9pm37YzTUJokPSDvbf2bBgzFUcYWeBVGpYkpjNm8N1ZzRTf7SMUz9F--max-cpu-usage=90