Technical Information
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%TEMP%\WinRing0x64.sys'
- 'WinRing0_1_2_0' %TEMP%\WinRing0x64.sys
- '%TEMP%\msasc.exe'
- '<SYSTEM32>\taskkill.exe' /f /IM ww.exe
- %TEMP%\clean.bat
- %TEMP%\msasc.exe
- %TEMP%\config.json
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK na##bio.com
- DNS ASK microsoft.com
- DNS ASK po##.#upportxmr.com
- ClassName: '' WindowName: ''
- '%TEMP%\msasc.exe' ' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\clean.bat' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %TEMP%\clean.bat