Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Wsamks quiyzgzo] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Wsamks quiyzgzo] 'ImagePath' = '%ProgramFiles(x86)%\Windows NT\Rsbdqow.exe'
- %ProgramFiles(x86)%\windows nt\rsbdqow.exe
- DNS ASK sh###ing2025.cn
- '%ProgramFiles(x86)%\windows nt\rsbdqow.exe'