Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\rzxnm] 'ImagePath' = '%WINDIR%\lg1163.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\file_cache_service] 'ImagePath' = '<SYSTEM32>\svchost.exe -k file_cache_group'
- [<HKLM>\SYSTEM\ControlSet001\Services\file_cache_service\Parameters] 'ServiceDll' = '%APPDATA%\hkppyxyb.tmp'
- %APPDATA%\hkppyxyb.tmp
- %WINDIR%\lg1163.sys
- %WINDIR%\Temp\sf.log.txt
- %WINDIR%\lg1163.sys
- '12#.#25.114.144':80
- 'cd#.#oobar.com':80
- http://cd#.#oobar.com/soft/push/2/target.tar.gz
- DNS ASK www.ba##u.com
- DNS ASK cd#.#oobar.com
- '<SYSTEM32>\svchost.exe' -k file_cache_group