Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Rsouwa ekcsywac] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Rsouwa ekcsywac] 'ImagePath' = '%ProgramFiles(x86)%\Microsoft Qwoeyg\Aiuucscy.exe'
- 'Rsouwa ekcsywac' %ProgramFiles(x86)%\Microsoft Qwoeyg\Aiuucscy.exe
- 'C:\zl.exe'
- '%ProgramFiles(x86)%\microsoft qwoeyg\aiuucscy.exe'
- '%ProgramFiles(x86)%\microsoft qwoeyg\aiuucscy.exe' Win7
- C:\zl.exe
- %ProgramFiles(x86)%\microsoft qwoeyg\aiuucscy.exe
- from C:\zl.exe to %WINDIR%\syswow64\1087155.bak
- http://18#.###.225.97:63528/fwqd.exe
- DNS ASK ca##undf.cn