Technical Information
- [<HKLM>\System\CurrentControlSet\Services\NiHyWaZn] 'ImagePath' = '%TEMP%\QoVvGeXl.sys'
- 'NiHyWaZn' %TEMP%\QoVvGeXl.sys
- %TEMP%\qovvgexl.sys
- C:\80.txt
- %TEMP%\qovvgexl.sys
- C:\80.txt
- 'ya###engba.cn':80
- http://www.ya###engba.cn/api.php
- DNS ASK ya###engba.cn