Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Gateway Service Mnopqr] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Gateway Service Mnopqr] 'ImagePath' = '%WINDIR%\system\svcohst.exe'
- %WINDIR%\system\svcohst.exe
- from <Full path to file> to %WINDIR%\syswow64\1050171.bak
- 'vs##.noip.cn':9671
- DNS ASK vs##.noip.cn
- '%WINDIR%\system\svcohst.exe'
- '%WINDIR%\system\svcohst.exe' Win7