Technical Information
- [<HKLM>\System\CurrentControlSet\Services\nY506uY] 'Start' = '00000001'
- [<HKLM>\System\CurrentControlSet\Services\nY506uY] 'ImagePath' = '<DRIVERS>\nY506uY.sys'
- 'nY506uY' <DRIVERS>\nY506uY.sys
- <DRIVERS>\ny506uy.sys
- %WINDIR%\temp\uddffb2.tmp
- <DRIVERS>\etc\hosts
- %WINDIR%\temp\uddffb2.tmp
- '<DNS_SERVER>':80
- 'fh##q.com':80
- DNS ASK a.##dlq.com
- DNS ASK b.##dlq.com
- DNS ASK c.##dlq.com
- DNS ASK pT#.#hdlq.com
- DNS ASK h.###yjy.com
- DNS ASK fh##q.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c rd "<DRIVERS>\etcAB1MQ" /S /Q' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c rd "<DRIVERS>\etcAB1MQ" /S /Q