Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\b662ef49] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\b662ef49] 'ImagePath' = '"<SYSTEM32>\<File name>.exe" -run'
- <Current directory>\log\<File name>_20180725_0.log
- <SYSTEM32>\<File name>.exe
- <SYSTEM32>\mstscak.dat
- <SYSTEM32>\log\<File name>_20180725_0.log
- 'up#####down.16288.cn':80
- http://up#####down.16288.cn/mstsck/update_info.asp
- DNS ASK wx####g.16288.cn
- DNS ASK up#####down.16288.cn
- '<SYSTEM32>\<File name>.exe' -install
- '<SYSTEM32>\<File name>.exe' -run