Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Gwogwo Hxpgx] 'Start' = '00000002' (service start type 2: the service is started automatically at system startup)
- [<HKLM>\System\CurrentControlSet\Services\Gwogwo Hxpgx] 'ImagePath' = 'C:\\Windows\\Gwogw.exe -auto'
- gwogw.exe
- %WINDIR%\gwogw.exe
- %WINDIR%\gwogw.exe
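- 'qq####uo.eatuo.com':80 (the '#' characters are not valid in a host name and appear to mask part of it, so this value cannot be matched literally as an indicator)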
- DNS ASK qq####uo.eatuo.com
- '%WINDIR%\gwogw.exe' -auto
- '%WINDIR%\gwogw.exe' -acsi