Technical Information
- [HKLM\System\CurrentControlSet\Services\W32Time] 'Start' = '00000002'
- C:\ms9897.tmp
- C:\downloads\rcx2c4d.tmp
- from C:\ms9897.tmp to C:\downloads\ffu2l.00c
- from C:\downloads\rcx2c4d.tmp to C:\downloads\ffu2l.00c
- 'hy####169.3322.org':8000
- 'jj.##77888.com':80
- http://jj.##77888.com/temp/ww0.jpg
- DNS ASK hy####169.3322.org
- DNS ASK jj.##77888.com
- DNS ASK js.##168168.com
- '%WINDIR%\syswow64\sc.exe' stop w32time (with hidden window)
- '%WINDIR%\syswow64\sc.exe' config w32time start= auto (with hidden window)
- '%WINDIR%\syswow64\net.exe' start w32time (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' C:\DOWNLO~1\\Ffu2L.00c itf2
- '%WINDIR%\syswow64\sc.exe' stop w32time
- '%WINDIR%\syswow64\sc.exe' config w32time start= auto
- '%WINDIR%\syswow64\net.exe' start w32time
- '%WINDIR%\syswow64\net1.exe' start w32time