Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\hy5.5] 'ImagePath' = '%TEMP%\E4VS8xX.sys'
- '' (downloaded from the Internet)
- NtOpenProcess, handler: E4VS8xX.sys
- <Current directory>\v9cc.exe
- %TEMP%\E4VS8xX.sys
- <Current directory>\ProcessExtended.dll
- <Full path to file>
- <Current directory>\v9cc.exe
- <Current directory>\ProcessExtended.dll
- %TEMP%\E4VS8xX.sys
- %TEMP%\E4VS8xX.sys
- 'ks##os.com':5555
- '50.##8.255.188':80
- http://50.##8.255.188/V9CC.exe
- DNS ASK www.ks##os.com
- '<Current directory>\v9cc.exe'