Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Mnopqrstuvwxyabc] 'ImagePath' = 'C:\ProgramData\svchost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Mnopqrstuvwxyabc] 'Start' = '00000002'
- from <Full path to file> to <SYSTEM32>\164781.bak
- 'mi###gs.mpc.cn':580
- 'localhost':1037
- DNS ASK mi###gs.mpc.cn