Technical Information
- [HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%TEMP%\iexqgftfqgnr.sys'
- 'WinRing0_1_2_0' %TEMP%\iexqgftfqgnr.sys
- <SYSTEM32>\notepad.exe
- %TEMP%\iexqgftfqgnr.sys
- 'us######r.miningocean.org':5432
- 'us######r.miningocean.org':5432
- DNS ASK us######r.miningocean.org
- '<SYSTEM32>\notepad.exe'