Technical Information
Registry values that define a service ('Start' = 2 means the service starts automatically at boot; the service is hosted by svchost.exe and loads the DLL named in 'ServiceDll'):
- [<HKLM>\System\CurrentControlSet\Services\netsvcs_Microsoft Wsmuuc osumsuwu] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\netsvcs_Microsoft Wsmuuc osumsuwu] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs -p'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\netsvcs_Microsoft Wsmuuc osumsuwu\Parameters] 'ServiceDll' = '%ProgramFiles(x86)%\Qaokiu.dll'
- Service name and image path: 'netsvcs_Microsoft Wsmuuc osumsuwu' <SYSTEM32>\svchost.exe -k netsvcs -p
- File: %ProgramFiles(x86)%\qaokiu.dll (the same path as the 'ServiceDll' value above, which differs only in letter case)
- File relocated from <Full path to file> to %WINDIR%\syswow64\1098995.bak
- Network endpoint (host:port): 'xi####ya.noip.cn':19962
- DNS query (reported as "DNS ASK"): xi####ya.noip.cn
- Process command line: '%WINDIR%\syswow64\svchost.exe' -k netsvcs -p