Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Please Input Service Nlil] 'Start' = '00000002'
- '<SYSTEM32>\svhost.exe'
- <SYSTEM32>\svhost.exe
- from <Full path to virus> to %TEMP%\SOFTWARE.LOG
- 'any':3794
- 'dd##.yeswzy.com':3794
- DNS ASK dd##.yeswzy.com