Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{f92B23AB-ZI5L-4UiV-ke2q-0000F87A469H}] 'StubPath' = '%APPDATA%\7POvjh\uOf7yZ.exe'
- <SYSTEM32>\svchost.exe
- %WINDIR%\Fonts\RunQiu.ttf
- %WINDIR%\Fonts\RQID.ttf
- %APPDATA%\7POvjh\uOf7yZ.exe
- %APPDATA%\7POvjh\LiveUDHelper.dll
- %WINDIR%\Fonts\HanQiuSheng.ttf
- 'localhost':1036
- DNS ASK da##.#unqiusoft.com
- '<SYSTEM32>\svchost.exe'