Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Firewall (Windows防火墙服务器)' = '%WINDIR%\system\System PrntScrn.exe'
- '%WINDIR%\SGToos.exe' (downloaded from the Internet)
- '%WINDIR%\SGToos.exe'
- %WINDIR%\SGToos.exe
- from <Full path to file> to %WINDIR%\system\System PrntScrn.exe
- 'www.vv##ck.com':80
- http://www.vv##ck.com/yz/mmyk/Tianma~.txt
- http://www.vv##ck.com/YZ/MMYK/mmJc.exe
- DNS ASK www.vv##ck.com