Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Rsoaoa cgeakayk] 'ImagePath' = '%WINDIR%\svchost1.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Rsoaoa cgeakayk] 'Start' = '00000002'
- from <Full path to file> to %WINDIR%\svchost1.exe
- 'my##li.cn':2088
- DNS ASK www.my##li.cn
- '%WINDIR%\svchost1.exe'