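Technical Information
Indicators recorded for this sample. No section headings survive in this listing; the entries fall into four groups, in order: service registry keys with their 'ImagePath' values, service names with driver paths, file-system paths, and network endpoints.
The repeated file-path groups are not labelled, so the action each group records (for example, created or deleted) cannot be determined from this listing.
Both services load a .sys image from %WINDIR%\Fonts or %TEMP% rather than from the usual %WINDIR%\System32\drivers location.
The '#' characters in the addresses and the URL appear to be masking applied by the publisher, so those values are incomplete and cannot be matched verbatim.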
- [<HKLM>\System\CurrentControlSet\Services\AXAlfpwhpza] 'ImagePath' = '%WINDIR%\Fonts\AXAlfpwhpza.sys'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\MAYEAAFUZMYTQNN] 'ImagePath' = '%TEMP%\\MAYEAAFUZMYTQNN.sys'
- [<HKLM>\System\CurrentControlSet\Services\MAYEAAFUZMYTQNN] 'ImagePath' = '%TEMP%\MAYEAAFUZMYTQNN.sys'
- 'AXAlfpwhpza' %WINDIR%\Fonts\AXAlfpwhpza.sys
- 'MAYEAAFUZMYTQNN' %TEMP%\\MAYEAAFUZMYTQNN.sys
- 'MAYEAAFUZMYTQNN' %TEMP%\MAYEAAFUZMYTQNN.sys
- %WINDIR%\fonts\axalfpwhpza.sys
- %WINDIR%\syswow64\sys.ini
- %TEMP%\mayeaafuzmytqnn.sys
- %WINDIR%\temp\udd9b56.tmp
- %WINDIR%\fonts\axalfpwhpza.sys
- %WINDIR%\syswow64\sys.ini
- %TEMP%\mayeaafuzmytqnn.sys
- %WINDIR%\temp\udd9b56.tmp
- %TEMP%\mayeaafuzmytqnn.sys
- '20#.#07.1.33':80
- '47.##5.189.174':666
- 'localhost':19168
- http://20#.#07.1.33:80/187270/d?ho######################## via 20#.#07.1.33