Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'XXXXXX4DAF4403' = '%WINDIR%\XXXXXX4DAF4403.exe'
- from <Full path to virus> to %WINDIR%\XXXXXX4DAF4403.exe
- 'ym##.3322.org':6666
- DNS ASK ym##.3322.org
- '<Private IP address>':1037
- ClassName: '' WindowName: '??????????????'