Technical Information
- [<HKLM>\System\CurrentControlSet\Services\TwZsEpy25dsZiQ.sbtx] 'ImagePath' = '%WINDIR%\SysWOW64\drivers\gDvpCUv39ZcyTF.sbtx'
- 'TwZsEpy25dsZiQ.sbtx' %WINDIR%\SysWOW64\drivers\gDvpCUv39ZcyTF.sbtx
- %WINDIR%\syswow64\drivers\gdvpcuv39zcytf.sbtx
- C:\80.txt
- C:\80.txt
- from %WINDIR%\syswow64\drivers\gdvpcuv39zcytf.sbtx to %TEMP%\1382964\....\temporaryfile
- 'ya###engba.cn':80
- http://www.ya###engba.cn/api.php
- DNS ASK ya###engba.cn