Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Wskeic cwwycwwc] 'Start' = '00000002' (Start type 2: the service is launched automatically at system startup)
- [<HKLM>\System\CurrentControlSet\Services\Wskeic cwwycwwc] 'ImagePath' = '%ProgramFiles(x86)%\Microsoft Oewkiy\Qnanzyz.exe'
- 'Wskeic cwwycwwc' %ProgramFiles(x86)%\Microsoft Oewkiy\Qnanzyz.exe
- %ProgramFiles(x86)%\microsoft oewkiy\qnanzyz.exe
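- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\69c6f6ec64e114822df688dc12cdd86c
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\69c6f6ec64e114822df688dc12cdd86c
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\9180a7fbbd87424dacada8a60084bfe8
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\9180a7fbbd87424dacada8a60084bfe8
  (Note: the four CryptnetUrlCache paths above belong to the Windows CryptoAPI certificate-retrieval cache under the SYSTEM profile. Such entries are typically written whenever a 32-bit process running as SYSTEM validates a certificate, so on their own they are weak indicators and should be correlated with the service and file entries in this list.)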
- %ProgramFiles%\apppatch\netsyst69.dll
- '00####.free3v.net':80
- 'yo###itec.com':80
- 'yo###itec.com':443
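- http://00####.free3v.net/NetSyst69.jpg
- http://www.yo###itec.com/NetSyst69.jpg
  (Note: the requested file name matches the netsyst69.dll path listed above. This page does not state what the URLs return, so when reviewing proxy or network logs, compare the served content with the .jpg extension rather than trusting the extension.)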
- 'yo###itec.com':443
- DNS ASK 00####.free3v.net
- DNS ASK yo###itec.com
- '%ProgramFiles(x86)%\microsoft oewkiy\qnanzyz.exe'