Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Wnetwsi] 'Start' = '00000002'
- from <SYSTEM32>\wcsnsvc.ocx to <SYSTEM32>\wcsnsvc.exe
- from <Full path to virus> to <SYSTEM32>\wcsnsvc.ocx
- 'my####ng33.gicp.net':80
- 'my####ng55.3322.org':80
- 'my####ng33.gicp.net':8088
- 'my####ng55.3322.org':8088
- DNS ASK my####ng55.3322.org
- DNS ASK my####ng33.gicp.net
- '<Private IP address>':1037
- '<Private IP address>':1038
- '<Private IP address>':1035
- '<Private IP address>':1036
- ClassName: 'Shell_TrayWnd' WindowName: ''