Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SA3285] 'ImagePath' = '%TEMP%\tDrTTZE.sys'
- NtProtectVirtualMemory, handler: unknown
- NtCreateThread, handler: unknown
- C:\80.txt
- %TEMP%\tDrTTZE.sys
- 'ak.#x9.cc':80
- http://ak.#x9.cc/Jerry.php
- DNS ASK ak.#x9.cc
- ClassName: 'Shell_TrayWnd' WindowName: ''