Technical Information
- [<HKLM>\System\CurrentControlSet\Services\5hZknD2YPnDB3A] 'ImagePath' = '%TEMP%\5hZknD2YPnDB3AiB3Xlj.sys'
- '5hZknD2YPnDB3A' %TEMP%\5hZknD2YPnDB3AiB3Xlj.sys
- %WINDIR%\tempxxx
- %TEMP%\5hzknd2ypndb3aib3xlj.sys
- %WINDIR%\temp\uddaddb.tmp
- %WINDIR%\temp\uddaddb.tmp
- %TEMP%\5hzknd2ypndb3aib3xlj.sys
- 'yi##d.cc':13450
- '12#.#1.220.8':80
- http://ne#######rifly.ntoskr.com:80/verifly?ke############################
- http://www.yi###.cc:13450/kss_io/io.php?v=################################################ via yi##d.cc
- DNS ASK yi##d.cc