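Technical Information
(Note: the sub-headings of the original report appear to be missing from this extract, so the action tied to each entry below is not stated. The file lists that repeat the same paths presumably belonged to different headings.)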
- [<HKLM>\System\CurrentControlSet\Services\YoiuHxmoe] 'ImagePath' = '%WINDIR%\QbA20Cxy.sys'
- [<HKLM>\System\CurrentControlSet\Services\KmVzUqUhdR] 'ImagePath' = '%WINDIR%\Temp\KmVzUqUhdR'
- 'YoiuHxmoe' %WINDIR%\QbA20Cxy.sys
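- 'KmVzUqUhdR' %WINDIR%\Temp\KmVzUqUhdR
(Note: the service and file names above look randomly generated, so they may differ between samples and are weak indicators for exact matching. The structural traits shown here are a service 'ImagePath' pointing into %WINDIR%\Temp and a .sys file placed directly in %WINDIR%. The lower-case paths listed further down are the same files.)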
- Windows Update
- %WINDIR%\qba20cxy.sys
- %WINDIR%\temp\uddffc1.tmp
- %WINDIR%\temp\kmvzuquhdr
- %WINDIR%\temp\uddbf3.tmp
- %WINDIR%\qba20cxy.sys
- %WINDIR%\temp\uddffc1.tmp
- %WINDIR%\temp\uddbf3.tmp
- from %WINDIR%\temp\kmvzuquhdr to %TEMP%\986597\....\temporaryfile
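- '<LOCALNET>.30.28':9001 (address and port; <LOCALNET> is the report's placeholder for the leading part of the address, so the full IP cannot be recovered from this page)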
- ClassName: '' WindowName: '%WINDIR%\SysWOW64\regsvr32.exe'