Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%APPDATA%\Google\Libs\WR64.sys'
- 'WinRing0_1_2_0' %APPDATA%\Google\Libs\WR64.sys
- <SYSTEM32>\svchost.exe
- %APPDATA%\google\libs\wr64.sys
- %APPDATA%\google\libs\g.log
- %TEMP%\iultdrze.tmp
- 'po##.#ashvault.pro':80
- '94.##6.144.55':80
- http://94.##6.144.55/api/endpoint.php
- DNS ASK po##.#ashvault.pro
- '<SYSTEM32>\cmd.exe' /c wmic PATH Win32_VideoController GET Name, VideoProcessor > "%APPDATA%\Google\Libs\g.log"
- '<SYSTEM32>\wbem\wmic.exe' PATH Win32_VideoController GET Name, VideoProcessor
- '<SYSTEM32>\svchost.exe' eafavatyhkqhetav 6E3sjfZq2rJQaxvLPmXgsF7vH8nKLC0ur3jCwye3fPpZDYkQjcS/S/TS19hCmaZeQZpdODzKxFg/Q1pHnmvxlgehBnNyDBAw10HJ6e8EAD9b7bGbT9iXTlnd8d6rVm56NY9RMVjGmCfa9xIF6bZ8CPjPAUwHatDzA23k9p69rxlFeJyv...