Technical Information
- [HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%TEMP%\eqydxrnnzpxp.sys'
- 'WinRing0_1_2_0' %TEMP%\eqydxrnnzpxp.sys
- %WINDIR%\explorer.exe
- %TEMP%\eqydxrnnzpxp.sys
- %TEMP%\jbirzmhueoqg.tmp
- 'xm#.#miners.com':12222
- 'pa###bin.com':443
- '10#.#0.247.129':84
- http://10#.##.247.129:84/api/endpoint.php via 10#.#0.247.129
- 'xm#.#miners.com':12222
- 'pa###bin.com':443
- DNS ASK xm#.#miners.com
- DNS ASK pa###bin.com
- '%WINDIR%\explorer.exe'