Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Wsyiww ssumsqwi] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Wsyiww ssumsqwi] 'ImagePath' = '%ProgramFiles(x86)%\Microsoft Ktytkd\Keeeguo.exe'
- 'Wsyiww ssumsqwi' %ProgramFiles(x86)%\Microsoft Ktytkd\Keeeguo.exe
- %ProgramFiles(x86)%\microsoft ktytkd\keeeguo.exe
- C:\1726.vbs
- C:\1726.vbs
- 'ya####duo.f3322.net':2012
- DNS ASK ya####duo.f3322.net
- '%ProgramFiles(x86)%\microsoft ktytkd\keeeguo.exe'
- '%ProgramFiles(x86)%\microsoft ktytkd\keeeguo.exe' Win7
- '%WINDIR%\syswow64\wscript.exe' "C:\1726.vbs"
- '%WINDIR%\syswow64\wscript.exe' "C:\1726.vbs"' (with hidden window)