Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Stuvwx] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Stuvwx] 'ImagePath' = '%WINDIR%\cgcygi.exe'
- 'Stuvwx' %WINDIR%\cgcygi.exe
- %WINDIR%\cgcygi.exe
- from <Full path to file> to %WINDIR%\syswow64\1095579.bak
- 'jh###020.com':63801
- '11#.#88.240.137':8001
- DNS ASK jh###020.com
- '%WINDIR%\cgcygi.exe'
- '%WINDIR%\cgcygi.exe' Win7