Technical Information
- [<HKLM>\System\CurrentControlSet\Services\fastuserswitchingcompatibility] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\fastuserswitchingcompatibility] 'ImagePath' = '<SYSTEM32>\svchost.exe -k "netsvcs"'
- 'fastuserswitchingcompatibility' <SYSTEM32>\svchost.exe -k "netsvcs"
- <Current directory>\puhpryjnrx
- %TEMP%\xxfeygryvw.log
- %WINDIR%\syswow64\khaxdbhfbx
- %WINDIR%\syswow64\kporlejdos
- <Current directory>\puhpryjnrx
- %WINDIR%\syswow64\khaxdbhfbx
- %WINDIR%\syswow64\kporlejdos
- from %TEMP%\xxfeygryvw.log to %ProgramFiles%\DRM\gwxff.lnk
- 'la###a.gg87.com':338
- DNS ASK la###a.gg87.com
- '%WINDIR%\syswow64\svchost.exe' -k "netsvcs"