Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Jklmno Qrstuvwx Abc] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Jklmno Qrstuvwx Abc] 'ImagePath' = '%WINDIR%\zqbzmy.exe'
- 'Jklmno Qrstuvwx Abc' %WINDIR%\zqbzmy.exe
- %WINDIR%\zqbzmy.exe
- '<LOCALNET>.48.41':2015
- /ip/127.0.0.1 via ip.#a2.cn
- DNS ASK ip.#a2.cn
- '%WINDIR%\zqbzmy.exe'
- '%WINDIR%\zqbzmy.exe' Win7