Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Wnetwisk] 'Start' = '00000002'
- from <SYSTEM32>\wcynsvc.ocx to <SYSTEM32>\wcynsvc.exe
- from <Full path to virus> to <SYSTEM32>\wcynsvc.ocx
- 'my####ng33.gicp.net':80
- 'my####ng55.3322.org':80
- DNS ASK my####ng33.gicp.net
- DNS ASK my####ng55.3322.org
- ClassName: 'Shell_TrayWnd' WindowName: ''