Technical Information
- [<HKLM>\System\CurrentControlSet\Services\vbxinst] 'Start' = '00000002' (start type 2 = automatic: the service is launched at every system boot)
- [<HKLM>\System\CurrentControlSet\Services\vbxinst] 'ImagePath' = '%WINDIR%\syswow64\vbxinst.exe'
- %WINDIR%\syswow64\vbxinst.exe
- %PROGRAMDATA%\vbx.dll
- %WINDIR%\syswow64\vbx.dll
- %WINDIR%\syswow64\ntsvc.ocx
- %WINDIR%\syswow64\devcon.exe
- %WINDIR%\syswow64\cbsync.exe
- %WINDIR%\syswow64\clipb.exe
- %WINDIR%\temp\~df3fb4f94710983b54.tmp
- '%WINDIR%\syswow64\vbxinst.exe' /install
- '%WINDIR%\syswow64\vbxinst.exe'
- '%WINDIR%\syswow64\cbsync.exe'
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32 /s %WINDIR%\syswow64\ntsvc.ocx (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c sc start vbxinst (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c regsvr32 /s %WINDIR%\syswow64\ntsvc.ocx
- '%WINDIR%\syswow64\regsvr32.exe' /s %WINDIR%\syswow64\ntsvc.ocx
- '%WINDIR%\syswow64\cmd.exe' /c sc start vbxinst
- '%WINDIR%\syswow64\sc.exe' start vbxinst