Technical Information
- [HKLM\software\Wow6432Node\microsoft\windows\CurrentVersion\Run] 'SkyWolf' = 'C:\System SkyWolf\SkyWolf.exe'
- C:\system skywolf\skywolf.exe
- 'ti##.tianqi.com':80
- http://ti##.tianqi.com/
- DNS ASK ft#######.host566.zhujiwu.me
- DNS ASK ti##.tianqi.com
- ClassName: '' WindowName: 'SkyWolf.exe'
- 'C:\system skywolf\skywolf.exe'
- '<Full path to file>' ' (with hidden window)
- 'C:\system skywolf\skywolf.exe' ' (with hidden window)