Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xRggNPmW\' = '\xRggNPmW\teMistFY.exe' (per-user autorun entry: the listed executable is launched each time this user logs on)
- [<HKLM>\System\CurrentControlSet\Services\chrome] 'Start' = '00000002' (start type 2: the service is started automatically at system boot)
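- [<HKLM>\System\CurrentControlSet\Services\chrome] 'ImagePath' = '<SYSTEM32>\zqlrqa.exe' (the service is named 'chrome', but its image is this executable in the system directory rather than a browser binary)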
- %WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe
- C:\xrggnpmw\temistfy.exe
- %WINDIR%\syswow64\zqlrqa.exe
- '%WINDIR%\syswow64\zqlrqa.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'