Technical Information
- [<HKLM>\System\CurrentControlSet\Services\wJAtf] 'ImagePath' = '%TEMP%\svhgkr.sys'
- 'wJAtf' %TEMP%\svhgkr.sys
- %TEMP%\svhgkr.sys
- %WINDIR%\temp\udd9c5e.tmp
- %WINDIR%\temp\udd9c5e.tmp
- '42.##2.117.22':80
- 'so##ax.com':80
- 'so##ax.com':443
- http://www.da###oke2.com/
- http://42.##2.117.22/ldyz/yz.php
- 'so##ax.com':443
- DNS ASK da###oke2.com
- DNS ASK so##ax.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''