Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Opqrstuvwxypabcde] 'ImagePath' = 'C:\ProgramData\svchost.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Opqrstuvwxypabcde] 'Start' = '00000002'
- from <Full path to file> to <SYSTEM32>\179468.bak
- 'mi###gs.mpc.cn':580
- 'localhost':1037
- DNS ASK mi###gs.mpc.cn