Technical Information
- [<HKLM>\System\CurrentControlSet\Services\PZdpycrdd] 'ImagePath' = '%TEMP%\wEGCsCrFBP1.sys'
- 'PZdpycrdd' %TEMP%\wEGCsCrFBP1.sys
- %TEMP%\wegcscrfbp1.sys
- %WINDIR%\temp\uddce56.tmp
- %WINDIR%\temp\uddd652.tmp
- %WINDIR%\temp\uddde30.tmp
- %WINDIR%\temp\udde61d.tmp
- %WINDIR%\temp\uddedfa.tmp
- %WINDIR%\temp\uddf5d8.tmp
- 'sh###.weiyun.com':443
- 'microsoft.com':80
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK sh###.weiyun.com
- DNS ASK microsoft.com