Technical Information
- Service registry entry: [HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%TEMP%\gcntymjjmrid.sys' (the service's image is a .sys file in the user-writable %TEMP% directory)
- Service 'WinRing0_1_2_0', image path %TEMP%\gcntymjjmrid.sys
- <SYSTEM32>\dwm.exe
- %TEMP%\gcntymjjmrid.sys
- %WINDIR%\temp\uddbbee.tmp
- %WINDIR%\temp\uddbbee.tmp
- 'us######r.miningocean.org':5432
- 'us######r.miningocean.org':5432
- DNS query: us######r.miningocean.org
- '<SYSTEM32>\dwm.exe'