Technical Information
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] '2.exe' = '<SYSTEM32>\nvscv32.exe'
- %WINDIR%\syswow64\nvscv32.exe
- %WINDIR%\syswow64\nvscv32.exe
- DNS ASK zk##s.us
- ClassName: '' WindowName: 'CommView'
- '%WINDIR%\syswow64\nvscv32.exe'
- '%WINDIR%\syswow64\nvscv32.exe' ' (with hidden window)