Technical Information
- [<HKLM>\System\CurrentControlSet\Services\vEATdgb6BdAwZ.sbtx] 'ImagePath' = '%WINDIR%\SysWOW64\drivers\srdwccQ9xQErB.sbtx'
- 'vEATdgb6BdAwZ.sbtx' %WINDIR%\SysWOW64\drivers\srdwccQ9xQErB.sbtx
- %WINDIR%\syswow64\drivers\srdwccq9xqerb.sbtx
- C:\80.txt
- from %WINDIR%\syswow64\drivers\srdwccq9xqerb.sbtx to %TEMP%\1214077\....\temporaryfile
- 'ya###engba.cn':80
- http://www.ya###engba.cn/api.php
- DNS ASK ya###engba.cn