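Technical Information
Note: the sub-headings that normally group these entries (for example, which files were created, modified or deleted, and which processes were launched) appear to be missing from this copy, which is why some paths are listed more than once. The service, driver and executable names look randomly generated, so they will likely differ between samples and should not be relied on alone for detection.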
- [<HKLM>\SYSTEM\CurrentControlSet\Services\njPPLYvwpI] 'ImagePath' = 'System32\Drivers\28WyoitQ.sys'
- <DRIVERS>\28wyoitq.sys
- %WINDIR%\temp\uddf91d.tmp
- <Current directory>\osggukto.exe
- %WINDIR%\temp\uddf91d.tmp
- <DRIVERS>\28wyoitq.sys
- <SYSTEM32>\grouppolicy\gpt.ini
- <SYSTEM32>\grouppolicy\machine\registry.pol
- <SYSTEM32>\grouppolicy\user\registry.pol
- <Current directory>\osggukto.exe
- %ALLUSERSPROFILE%\ntuser.pol
- %HOMEPATH%\ntuser.pol
- '<Current directory>\osggukto.exe'
- '<SYSTEM32>\gpscript.exe' /RefreshSystemParam
- '<SYSTEM32>\raserver.exe' /offerraupdate