Technical Information
- [<HKLM>\SYSTEM\ControlSet001\services\GhFGDDFGffuck360ijkl Nospfqrstu Wxy] 'Start' = '00000002'
- '%WINDIR%\wwwywu.exe'
- '<SYSTEM32>\WScript.exe' "C:\6665.vbs"
- C:\6665.vbs
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\<Virus name>.exe
- %WINDIR%\wwwywu.exe
- %WINDIR%\wwwywu.exe
- C:\6665.vbs
- 'cy####.f3322.org':2004
- DNS ASK dn#.##ftncsi.com
- DNS ASK cy####.f3322.org