Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Wnetwiss] 'Start' = '00000002'
- <Drive name for removable media>:\sysinfo.exe
- <SYSTEM32>\sysinfo.exe
- <SYSTEM32>\cmd.exe /c ""<SYSTEM32>\SYSINFO.BAT" "
- <SYSTEM32>\SYSINFO.BAT
- <SYSTEM32>\sysinfo.exe
- <SYSTEM32>\sysinfo.exe
- <Full path to virus>
- 'my####ng33.gicp.net':80
- 'my####ng55.3322.org':80
- DNS ASK my####ng55.3322.org
- DNS ASK my####ng33.gicp.net
- '<Private IP address>':1035
- '<Private IP address>':1036