Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\Rsmpnc diybzxky] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\Rsmpnc diybzxky] 'ImagePath' = '%ProgramFiles%\Microsoft Kibdru\Wgeasgu.exe'
- %ProgramFiles%\Microsoft Kibdru\Wgeasgu.exe
- %ProgramFiles%\Microsoft Kibdru\Wgeasgu.exe
- '80##126.com':3838
- DNS ASK 80##126.com
- '%ProgramFiles%\Microsoft Kibdru\Wgeasgu.exe'