Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%APPDATA%\Windows\Libs\WR64.sys'
- 'WinRing0_1_2_0' %APPDATA%\Windows\Libs\WR64.sys
- <SYSTEM32>\nslookup.exe
- %APPDATA%\windows\libs\wr64.sys
- 'po##.#inexmr.com':4444
- 'po##.#inexmr.com':4444
- DNS ASK po##.#inexmr.com
- 'localhost':64032
- 'localhost':55734
- '<SYSTEM32>\nslookup.exe' "<Full path to file>"
- '<SYSTEM32>\nslookup.exe' itdybagikjmvb0 Xji3FXYfqqI2timPThbgZueMNpSES88mLhMz2ywydJQlR6TwS6Qb2QQEpMLgG8ML4eba/XQfjR3iPVCrBYejliwiuDPweNuz1u/UxrKl9y03MCBEC3MBOEhvrGGl7jevRWI5lUe+Ml05O0l8HmSiRvh+rt0aTUF92kyE6GfW9IBeDkCVWH...