Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Fnkukgpy' = 'C:\Users\Public\Fnkukgpy.url'
- %WINDIR%\syswow64\sndvol.exe
- C:\users\public\libraries\fnkukgpy.pif
- C:\users\public\fnkukgpy.url
- C:\users\public\libraries\null
- C:\users\public\libraries\easinvoker.exe
- C:\users\public\libraries\fnkukgpyo.bat
- C:\users\public\libraries\netutils.dll
- C:\users\public\libraries\kdeco.bat
- 'ss###ell.com':80
- 'to###do.ydns.eu':1972
- http://ss###ell.com/dgfhgfdtxxdzsregdfc/Fnkukgpygdf
- DNS ASK ss###ell.com
- DNS ASK to###do.ydns.eu
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Libraries\FnkukgpyO.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Libraries\FnkukgpyO.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c mkdir "\\?\%WINDIR% "
- '%WINDIR%\syswow64\sndvol.exe'