Technical Information
- [<HKLM>\System\CurrentControlSet\Services\KFweIecK] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\KFweIecK] 'ImagePath' = '<DRIVERS>\KFweIecK.sys'
- 'KFweIecK' <DRIVERS>\KFweIecK.sys
- <DRIVERS>\kfweieck.sys
- %WINDIR%\temp\uddeb67.tmp
- <DRIVERS>\etc\hosts
- %WINDIR%\temp\uddeb67.tmp
- '<DNS_SERVER>':80
- 'fh##q.net':80
- DNS ASK a.##dlq.net
- DNS ASK a.##dlq.com
- DNS ASK b.##dlq.net
- DNS ASK h.###yjy.com
- DNS ASK fh##q.net
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c rd "<DRIVERS>\etcY9kEZ" /S /Q' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c rd "<DRIVERS>\etcY9kEZ" /S /Q