Technical Information
- [HKLM\System\CurrentControlSet\Services\MSDIS] 'Start' = '00000002'
- [HKLM\System\CurrentControlSet\Services\MSDIS] 'ImagePath' = '<SYSTEM32>\svchost.exe -k netsvcs'
- [HKLM\SYSTEM\CurrentControlSet\Services\MSDIS\Parameters] 'ServiceDll' = '%ProgramFiles(x86)%\data.dll'
- 'MSDIS' <SYSTEM32>\svchost.exe -k netsvcs
- %ProgramFiles(x86)%\gy.exe
- %ProgramFiles(x86)%\data.dll
- %ProgramFiles(x86)%\gy.exe
- DNS ASK wx####sg.3322.org
- ClassName: 'EDIT' WindowName: ''
- '%ProgramFiles(x86)%\gy.exe'
- '%WINDIR%\syswow64\cmd.exe' /c del "%ProgramFiles(x86)%\gy.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del "%ProgramFiles(x86)%\gy.exe"