Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Ivenuce' = 'regsvr32.exe /s %APPDATA%\Owyxad\qeyvir.dll'
- '<SYSTEM32>\rundll32.exe' hzLzwqJ.dll,DllRegisterServer
- %WINDIR%\syswow64\msiexec.exe
- C:\msdownld.tmp\as102df7.tmp\rsk.dll
- %HOMEPATH%\documents\hzlzwqj.dll
- %APPDATA%\owyxad\qeyvir.dll
- C:\msdownld.tmp\as102df7.tmp\rsk.dll
- 'mi###anttra.at':443
- 'en###artner.at':443
- DNS ASK en###artner.at
- DNS ASK mi###anttra.at
- DNS ASK st####.rapidssl.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- '<SYSTEM32>\rundll32.exe' hzLzwqJ.dll,DllRegisterServer' (with hidden window)
- '%WINDIR%\syswow64\msiexec.exe'