Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%APPDATA%\WinRing0x64.sys'
- %APPDATA%\msft_process.exe
- %APPDATA%\config.json
- %APPDATA%\sha256sums
- %APPDATA%\winring0x64.sys
- 'po##.#inexmr.com':4444
- DNS ASK po##.#inexmr.com
- '%APPDATA%\msft_process.exe'