Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Application Service] 'ImagePath' = '%WINDIR%\jwzvwy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Application Service] 'Start' = '00000002'
- '%WINDIR%\jwzvwy.exe'
- %WINDIR%\jwzvwy.exe
- 'www.wa##1.com':80
- 'ra#.#xlol.com':8080
- DNS ASK www.wa##1.com
- DNS ASK ra#.#xlol.com