Technical Information
Registry values written for two services ('Start' = 2 is the automatic-start setting, so each 'ImagePath' binary is launched by the Service Control Manager at every boot):
- [<HKLM>\System\CurrentControlSet\Services\Rswqqk qeuguusk] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Rswqqk qeuguusk] 'ImagePath' = '%ProgramFiles(x86)%\Microsoft Hiqczj\Sdmlwb.exe'
- [<HKLM>\System\CurrentControlSet\Services\Wsqqov mlwxxmkp] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Wsqqov mlwxxmkp] 'ImagePath' = '%ProgramFiles(x86)%\Microsoft Cliqpy\Ysccgii.exe'
- 'Rswqqk qeuguusk' %ProgramFiles(x86)%\Microsoft Hiqczj\Sdmlwb.exe
- 'Wsqqov mlwxxmkp' %ProgramFiles(x86)%\Microsoft Cliqpy\Ysccgii.exe
- %TEMP%\qqsclauncher.exe
- %TEMP%\һ�������Г»���������.exe
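- %TEMP%\scvhost.exe (spelled "scvhost", a look-alike of the legitimate Windows svchost.exe, which does not run from %TEMP%)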
- %ProgramFiles(x86)%\microsoft hiqczj\sdmlwb.exe
- File transferred from %TEMP%\scvhost.exe to %WINDIR%\syswow64\1177152.bak (the listing does not say whether this is a move or a copy)
- Network connection to 'cx#####9965.f3322.net':8000 (the host name is partially masked with '#' in this listing)
- DNS query for cx#####9965.f3322.net
- '%TEMP%\qqsclauncher.exe'
- '%TEMP%\һ�������Г»���������.exe'
- '%TEMP%\scvhost.exe'
- '%ProgramFiles(x86)%\microsoft hiqczj\sdmlwb.exe'
- '%ProgramFiles(x86)%\microsoft hiqczj\sdmlwb.exe' Win7