Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Wuauclt] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Wuauclt] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [<HKLM>\SYSTEM\CurrentControlSet\Services\Wuauclt\Parameters] 'ServiceDll' = '<SYSTEM32>\Wuauclt.dll'
- 'Wuauclt' <SYSTEM32>\svchost.exe -k netsvcs
- %WINDIR%\syswow64\wuauclt.dll
- <DRIVERS>\etc\newhost.txt
- DNS ASK 99##z.cn
- '%WINDIR%\syswow64\svchost.exe' -k netsvcs