Technical Information
- [<HKLM>\System\CurrentControlSet\Services\NHjoFYCuwLV] 'ImagePath' = '%TEMP%\NHjoFY.sys'
- 'NHjoFYCuwLV' %TEMP%\NHjoFY.sys
- %WINDIR%\syswow64\cmmon32.exe
- %TEMP%\nhjofy.sys
- 'co####.kfjiec8.com':80
- http://47.##.68.142/av.php
- DNS ASK co####.kfjiec8.com
- '%WINDIR%\syswow64\cmmon32.exe'