Technical Information
- [<HKLM>\System\CurrentControlSet\Services\.Net CLR] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\.Net CLR] 'ImagePath' = '<SYSTEM32>\kouqok.exe'
- '.Net CLR' <SYSTEM32>\kouqok.exe
- %WINDIR%\syswow64\kouqok.exe
- '10#.#60.240.220':6380
- '%WINDIR%\syswow64\kouqok.exe'