Technical Information
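- Autorun entry (per-user Run key; rundll32.exe loads the wintpv32.rom file listed below at each logon): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'MSSMSGS' = 'rundll32.exe wintpv32.rom,QklCQqyasINA'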
- iexplore.exe
- %TEMP%\zxt2a04.exe
- %TEMP%\zxt2d22.exe
- %TEMP%\kby2ed7.tmp
- %WINDIR%\syswow64\wintpv32.rom
- %TEMP%\kby2ed7.bat
- %TEMP%\kby2ed7.tmp
- Moves file from %TEMP%\zxt2d22.exe to %TEMP%\3977.tmp
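- DNS query: ob####fseher.net (domain partially masked with '#' in this report)
- DNS query: ni###adden.in (domain partially masked with '#' in this report)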
- Window lookup: ClassName: 'IEFrame' (the Internet Explorer main window class), WindowName: '' (empty)
- '%TEMP%\zxt2a04.exe'
- '%TEMP%\zxt2d22.exe'
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\KBy2ED7.bat" (with hidden window)
- '%WINDIR%\syswow64\werfault.exe' -u -p 976 -s 108 (with hidden window; the -p value is the process ID from this analysis run and will differ on other hosts)
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\KBy2ED7.bat"