Technical Information
- [<HKLM>\System\CurrentControlSet\Services\wJAtf] 'ImagePath' = '%TEMP%\jbveli.sys'
- 'wJAtf' %TEMP%\jbveli.sys
- %TEMP%\jbveli.sys
- %WINDIR%\temp\udd5669.tmp
- %WINDIR%\temp\udd5669.tmp
- http://cl###.crseo.cn/v80/yz.php
- DNS ASK cl###.crseo.cn