Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Bcdefg Ijklmnop Rst] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Bcdefg Ijklmnop Rst] 'ImagePath' = '%WINDIR%\kouqok.exe'
- 'Bcdefg Ijklmnop Rst' %WINDIR%\kouqok.exe
- %WINDIR%\kouqok.exe
- '20#.#4.55.130':2017
- '12###.xicp.net':923
- DNS ASK 12###.xicp.net
- '%WINDIR%\kouqok.exe'