Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '<Current directory>\WinRing0x64.sys'
- 'WinRing0_1_2_0' <Current directory>\WinRing0x64.sys
- %TEMP%\312d.tmp\312e.bat
- <Current directory>\b.exe
- 'po##.#ashvault.pro':443
- DNS ASK po##.#ashvault.pro
- '<Current directory>\b.exe' -o pool.hashvault.pro:443 -u 4AairsfkZ9XcZJcQWupsLdWhXeqhiMoDDYvZDyPE35DsZv9SF1SXNFjBoBd3GGzqZHatb8DJ1ARXkPNLwLRNVT5C6uuCbwm -k --tls --donate-level 1 --max-cpu-usage 35
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\312D.tmp\312E.bat <Full path to file>"