Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\sacuwiwa] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\sacuwiwa] 'ImagePath' = '%WINDIR%\sacuwiwa.exe'
- %WINDIR%\sacuwiwa.exe
- %WINDIR%\waiwwswa.exe
- 'pr###.wsite.cz':80
- http://pr###.wsite.cz/YLh42t.php
- DNS ASK pr###.wsite.cz
- '%WINDIR%\sacuwiwa.exe'