Technical Information
- [<HKLM>\System\CurrentControlSet\Services\ZxyCpDs24dTEwb.sbtx] 'ImagePath' = '%WINDIR%\SysWOW64\drivers\bbvsvUw32PdpZC.sbtx'
- 'ZxyCpDs24dTEwb.sbtx' %WINDIR%\SysWOW64\drivers\bbvsvUw32PdpZC.sbtx
- %WINDIR%\syswow64\drivers\bbvsvuw32pdpzc.sbtx
- C:\80.txt
- C:\80.txt
- from %WINDIR%\syswow64\drivers\bbvsvuw32pdpzc.sbtx to %TEMP%\1124985\....\temporaryfile
- 'ya###engba.cn':80
- http://www.ya###engba.cn/api.php
- DNS ASK ya###engba.cn