Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Services\TongL] 'ImagePath' = '%ProgramFiles%\TongL.sys'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\ComputerZ_x64.sys] 'ImagePath' = 'C:\ComputerZ_x64.sys'
- [<HKLM>\System\CurrentControlSet\Services\ComputerZ_x64] 'ImagePath' = 'C:\ComputerZ_x64.sys'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\109y6.sys] 'ImagePath' = 'C:\109y6.sys'
- [<HKLM>\System\CurrentControlSet\Services\109y6] 'ImagePath' = 'C:\109y6.sys'
- 'TongL' %ProgramFiles%\TongL.sys
- 'ComputerZ_x64.sys' C:\ComputerZ_x64.sys
- 'ComputerZ_x64' C:\ComputerZ_x64.sys
- '109y6.sys' C:\109y6.sys
- '109y6' C:\109y6.sys
- %WINDIR%\syswow64\psx.dll
- %ProgramFiles%\tongl.sys
- %ProgramFiles%\mdl_dll.dll
- %WINDIR%\temp\udddb8f.tmp
- C:\computerz_x64.sys
- C:\109y6.sys
- %WINDIR%\temp\udd54e5.tmp
- %WINDIR%\temp\udd54e7.tmp
- %WINDIR%\temp\udd54e6.tmp
- %WINDIR%\temp\udd54e4.tmp
- %WINDIR%\syswow64\psx.dll
- %WINDIR%\temp\udddb8f.tmp
- %WINDIR%\temp\udd54e7.tmp
- %WINDIR%\temp\udd54e4.tmp
- %WINDIR%\temp\udd54e6.tmp
- %WINDIR%\temp\udd54e5.tmp
- 'w.###ata.net':80
- http://w.###ata.net/37069ABA7035FDB2
- DNS ASK w.###ata.net