Technical Information
- [HKLM\System\CurrentControlSet\Services\nybwoap] 'ImagePath' = '<PATH_SAMPLE>.sys'
- [HKLM\System\CurrentControlSet\Services\nybwoap] 'Start' = '00000001'
- 'nybwoap' <PATH_SAMPLE>.sys
- DNS server to '114.114.114.114'
- DNS server to '<DNS_SERVER>'
- http://os#.##iyungx.com/data.php?t=#####
- http://os#.##iyungx.com/xinxinlistj.rar
- http://os#.##iyungx.com/listh.rar
- http://os#.##iyungx.com/md5exe.rar
- http://os#.##iyungx.com/exeFeatureCode.rar
- http://os#.##iyungx.com/updata64.php?t=#######
- DNS ASK ba##u.com
- DNS ASK os#.##iyungx.com