Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%ALLUSERSPROFILE%\Windows\WinRing0x64.sys'
- 'WinRing0_1_2_0' %ALLUSERSPROFILE%\Windows\WinRing0x64.sys
- %ALLUSERSPROFILE%\windows\winhttp.exe
- %ALLUSERSPROFILE%\windows\winhttpd.exe
- '10#.#44.21.21':8083
- 'xm#####.nanopool.org':14444
- http://10#.##4.21.21:8083/antrian/resources/minAjax/http_msvc.exe via 10#.#44.21.21
- http://10#.##4.21.21:8083/antrian/resources/minAjax/http_gcc.exe via 10#.#44.21.21
- 'xm#####.nanopool.org':14444
- DNS ASK xm#####.nanopool.org
- '%ALLUSERSPROFILE%\windows\winhttp.exe'
- '<SYSTEM32>\cmd.exe' /k %ALLUSERSPROFILE%\Windows\winhttp.exe' (with hidden window)
- '<SYSTEM32>\cmd.exe' /k %ALLUSERSPROFILE%\Windows\winhttp.exe