Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Rsmeac ocayuasu] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Rsmeac ocayuasu] 'ImagePath' = '%ProgramFiles(x86)%\Microsoft Ycekyw\Wweqioq.exe'
- 'Rsmeac ocayuasu' %ProgramFiles(x86)%\Microsoft Ycekyw\Wweqioq.exe
- %ProgramFiles(x86)%\microsoft ycekyw\wweqioq.exe
- %ProgramFiles(x86)%\microsoft ycekyw\wweqioq.exe
- '11#.#32.64.209':9652
- DNS ASK 18##xss.com
- '%ProgramFiles(x86)%\microsoft ycekyw\wweqioq.exe'