Technical Information
- <SYSTEM32>\tasks\wincsvns
- [<HKLM>\System\CurrentControlSet\Services\WinRing0_1_2_0] 'ImagePath' = '%APPDATA%\Microsoft\Libs\WR64.sys'
- 'WinRing0_1_2_0' %APPDATA%\Microsoft\Libs\WR64.sys
- <SYSTEM32>\conhost.exe
- %TEMP%\3313118744.exe
- '18#.#15.113.84':80
- http://18#.#15.113.84/xmrminer.exe
- ClassName: '3wf3f737fw73f73wf7w73f73fg7g3f' WindowName: ''
- '%TEMP%\3313118744.exe'
- '%HOMEPATH%\wincsvns.exe'
- '%APPDATA%\microsoft\libs\sihost64.exe'
- '%APPDATA%\microsoft\libs\sihost64.exe' (with hidden window)