Technical Information
- [<HKLM>\System\CurrentControlSet\Services\NalDrv] 'ImagePath' = '<Current directory>\NalDrv.sys'
- [<HKLM>\System\CurrentControlSet\Services\PROCEXP152] 'ImagePath' = '%TEMP%\PROCEXP152.sys'
- 'NalDrv' <Current directory>\NalDrv.sys
- 'PROCEXP152' %TEMP%\PROCEXP152.sys
- %WINDIR%\logs\extasy.dll
- %WINDIR%\softwaredistribution\download\uyoo4.sys
- %WINDIR%\softwaredistribution\download\uyoo4.exe
- <Current directory>\naldrv.sys
- %TEMP%\procexp152.sys
- %TEMP%\procexp152.sys
- <Current directory>\naldrv.sys
- %WINDIR%\softwaredistribution\download\uyoo4.sys
- %WINDIR%\softwaredistribution\download\uyoo4.exe
- 'ao####tware.online':80
- http://ao####tware.online/uarebrands/extasy.dll
- DNS ASK ao####tware.online
- '%WINDIR%\softwaredistribution\download\uyoo4.exe' -map %WINDIR%\SoftwareDistribution\Download\uYOO4.sys
- '%WINDIR%\softwaredistribution\download\uyoo4.exe' -map %WINDIR%\SoftwareDistribution\Download\uYOO4.sys' (with hidden window)