Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '' = '%ProgramFiles%\ghfctd\ghfctd.exe'
- ghfctd.exe
- <Current directory>\wc.dat
- <Current directory>\etcomm.dll
- %ProgramFiles%\ghfctd\wc.dat
- %ProgramFiles%\ghfctd\ghfctd.exe
- %ProgramFiles%\ghfctd\etcomm.dll
- 'localhost':2012
- DNS ASK le##e8.cn
- '%ProgramFiles%\ghfctd\ghfctd.exe'