Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\yubeymbe] 'ImagePath' = 'system32\drivers\yubeymbe.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\yubeymbe] 'Start' = '00000000' (SERVICE_BOOT_START: the driver is loaded by the boot loader, before user-mode security software starts)
- %WINDIR%\update.exe
- %TEMP%\host3005.exe
- %WINDIR%\update.exe (downloaded from the Internet)
- Hooks NtSetValueKey, handler: yubeymbe.sys
- <DRIVERS>\yubeymbe.sys
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\update[1].exe
- %ALLUSERSPROFILE%\Desktop\Internet Explorer.lnk
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk (Chinese: "Launch Internet Explorer browser.lnk")
- 'ba####.#enleidangdang.com':80
- 'do##.adonga.cn':80
- 'localhost':1036
- ba####.#enleidangdang.com/tj/3005/000000000001/7VBpc?Ul############################################################
- do##.adonga.cn/update.exe
- DNS ASK ba####.#enleidangdang.com
- DNS ASK do##.adonga.cn
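The registry entries and network indicators above lend themselves to an offline triage check. The following is an added example, not code from the original report or its publisher: it parses a constructed .reg-style export, flags boot-start kernel drivers (Start = 0) whose image is absent from a known-good baseline, and turns the report's masked hostnames ('#' = hidden character) into regexes run over constructed DNS log lines. The sample export, the baseline set KNOWN_GOOD_BOOT_DRIVERS and the log lines, including the made-up hostnames in them, are assumptions for illustration and are not real indicators.

```python
"""Offline triage of the indicators in the report above (added example).

The .reg export, baseline and DNS log below are constructed for illustration;
the hostnames in the log are invented to exercise the masks, not real IOCs.
"""
import re

# Documented values of a service's 'Start' and 'Type' DWORDs.
START_TYPES = {0: "SERVICE_BOOT_START", 1: "SERVICE_SYSTEM_START",
               2: "SERVICE_AUTO_START", 3: "SERVICE_DEMAND_START",
               4: "SERVICE_DISABLED"}
DRIVER_TYPES = {1: "SERVICE_KERNEL_DRIVER", 2: "SERVICE_FILE_SYSTEM_DRIVER"}

# Constructed export: yubeymbe mirrors the report; disk and Tcpip are
# legitimate drivers added for contrast.
SAMPLE_REG_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yubeymbe]
"ImagePath"="system32\\drivers\\yubeymbe.sys"
"Start"=dword:00000000
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]
"ImagePath"="System32\\drivers\\disk.sys"
"Start"=dword:00000000
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
"ImagePath"="System32\\drivers\\tcpip.sys"
"Start"=dword:00000001
"Type"=dword:00000001
"""

# Hypothetical baseline: boot-start driver images seen on a clean gold image.
KNOWN_GOOD_BOOT_DRIVERS = {"disk.sys"}

# Masked hostnames exactly as the report prints them.
REPORT_MASKED_HOSTS = ["ba####.#enleidangdang.com", "do##.adonga.cn"]

SAMPLE_DNS_LOG = [  # constructed lines
    "10:21:03 client 192.0.2.10 query: ba1234.xenleidangdang.com IN A",
    "10:21:04 client 192.0.2.10 query: do77.adonga.cn IN A",
    "10:21:05 client 192.0.2.11 query: www.example.com IN A",
    "10:21:06 client 192.0.2.12 query: baxxxx.enleidangdang.com IN A",  # label one char short: no match
]


def parse_reg_export(text):
    """Parse a .reg-style export into {key_path: {value_name: value}}.
    Handles quoted strings (unescaping doubled backslashes) and dword: values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
        if m and current is not None:
            name, dword, string = m.groups()
            keys[current][name] = int(dword, 16) if dword is not None else string.replace("\\\\", "\\")
    return keys


def suspicious_boot_start_drivers(services, baseline=KNOWN_GOOD_BOOT_DRIVERS):
    """Kernel/FS drivers with Start=0 (mapped by the boot loader before any
    user-mode security product runs) whose image is not in the baseline."""
    flagged = []
    for key, values in services.items():
        if values.get("Start") != 0 or values.get("Type") not in DRIVER_TYPES:
            continue
        image = values.get("ImagePath", "")
        if image.replace("/", "\\").rsplit("\\", 1)[-1].lower() in baseline:
            continue
        flagged.append((key.rsplit("\\", 1)[-1], image))
    return flagged


def masked_indicator_to_regex(masked):
    """Turn a masked hostname such as 'ba####.#enleidangdang.com' into a regex:
    each '#' matches exactly one hostname-label character."""
    body = "".join(r"[^.\s]" if ch == "#" else re.escape(ch) for ch in masked)
    return re.compile(r"(?<![\w.-])" + body + r"(?![\w.-])", re.IGNORECASE)


def match_dns_log(log_lines, masked_hosts=REPORT_MASKED_HOSTS):
    """Return (masked_indicator, observed_hostname) for every log line hit."""
    patterns = [(m, masked_indicator_to_regex(m)) for m in masked_hosts]
    return [(m, rx.search(line).group(0)) for line in log_lines
            for m, rx in patterns if rx.search(line)]


def triage(reg_text=SAMPLE_REG_EXPORT, dns_lines=SAMPLE_DNS_LOG):
    services = parse_reg_export(reg_text)
    return {"suspicious_boot_start_drivers": suspicious_boot_start_drivers(services),
            "dns_hits": match_dns_log(dns_lines)}


if __name__ == "__main__":
    for section, hits in triage().items():
        print(section)
        for hit in hits:
            print("  ", hit)
```

On a live host the same checks map onto `reg export HKLM\SYSTEM` (or an offline SYSTEM hive) and your resolver logs; the baseline should come from your own clean image, since Start = 0 is also normal for storage-stack drivers such as disk.sys.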