Technical Information
- [<HKLM>\System\CurrentControlSet\Services\wJAtf] 'ImagePath' = '%TEMP%\ring0.sys'
- 'wJAtf' %TEMP%\ring0.sys
- %TEMP%\tenuep.ue
- <Current directory>\ldyz.yz
- %WINDIR%\syswow64\ldyz.yz
- %TEMP%\ring0.sys
- %WINDIR%\temp\udd28f.tmp
- <Current directory>\ldyz.yz
- %TEMP%\tenuep.ue
- %WINDIR%\temp\udd28f.tmp
- 'ld##z.com':80
- http://www.ld##z.com/yz/sx.php
- DNS ASK ld##z.com
- DNS ASK ld#.#dyzz.com