Technical Information
- [<HKLM>\System\CurrentControlSet\Services\YoiuHxmoe] 'ImagePath' = '%TEMP%\7FGamedCPgX64.sys'
- 'YoiuHxmoe' %TEMP%\\7FGamedCPgX64.sys
- 'YoiuHxmoe' %TEMP%\7FGamedCPgX64.sys
- ClassName: 'Regmonclass', WindowName: ''
- ClassName: 'Filemonclass', WindowName: ''
- %TEMP%\7fgamedcpgx64.sys
- from %TEMP%\7fgamedcpgx64.sys to %TEMP%\1182986\....\temporaryfile
- '1.##yz.com':80
- http://1.##yz.com/UserApi?
- DNS ASK 1.##yz.com
- ClassName: '4823-00000029' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- ClassName: '' WindowName: ''