Technical Information
- [<HKLM>\System\CurrentControlSet\Services\SNFP] 'ImagePath' = '%WINDIR%\SysWOW64\drivers\snfp64.sys'
- 'SNFP' %WINDIR%\SysWOW64\drivers\snfp64.sys
- <Current directory>\goeyjlayf.dll
- %WINDIR%\syswow64\drivers\snfp64.sys
- %WINDIR%\temp\udd3a03.tmp
- http://in##.#orkday360.cn/jfmbh_game.json
- http://in##.#orkday360.cn/jfmbh_show.json
- http://ds##.#orkday360.cn/?op###############
- DNS ASK ds##.stnts.com
- DNS ASK in##.#orkday360.cn
- DNS ASK ds##.#orkday360.cn
- DNS ASK st###.#teampowered.com
- DNS ASK 6.#n
- DNS ASK v.#.cn
- DNS ASK tu#o.tv
- DNS ASK 9x##.com
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "<Full path to file>"