Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Nationalrob] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Nationalrob] 'ImagePath' = '<SYSTEM32>\mqyeqa.exe'
- 'Nationalrob' <SYSTEM32>\mqyeqa.exe
- %TEMP%\injector.exe
- %TEMP%\server.exe
- %WINDIR%\syswow64\mqyeqa.exe
- 'localhost':8080
- DNS ASK ka####.codns.com
- ClassName: '#32770' WindowName: '硬件安装'
- '%TEMP%\injector.exe'
- '%TEMP%\server.exe'
- '%WINDIR%\syswow64\mqyeqa.exe'