Technical Information (indicators as reported by the analysis source: registry autorun values, a scheduled-task path, file artifacts, one file move, a network endpoint and executed command lines; the IP address is partially masked in the source and is reproduced as given)
- Registry autorun values (persistence; all three point at the same binary and argument, `wminf.exe kzs`):
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'recovery' = '"%WINDIR%\SysWOW64"\wminf.exe kzs'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'recovery' = '"%WINDIR%\SysWOW64"\wminf.exe kzs'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Command Processor] 'Autorun' = '"%WINDIR%\SysWOW64"\wminf.exe kzs' (the Command Processor AutoRun value is executed each time cmd.exe starts, so this is an additional trigger independent of the two Run keys)
- Scheduled task (file under the Task Scheduler task store): <SYSTEM32>\tasks\microsoft\windows\media center\pbdaregistersw
- File artifacts (paths as reported; note the GUID-named file in %TEMP% and the mixed .exe/.ocx names placed in %WINDIR%\syswow64):
- %WINDIR%\syswow64\dspwdm.exe
- %WINDIR%\syswow64\wminf.exe
- %TEMP%\65c59a32-5fd2-4f8f-880b-69eba0dc5bfb
- %WINDIR%\syswow64\ctfschd.ocx
- %WINDIR%\syswow64\sqldsp.exe
- File moved/renamed: from %TEMP%\65c59a32-5fd2-4f8f-880b-69eba0dc5bfb to %TEMP%\advsec32.dll (the GUID-named temp file listed above is given a DLL name)
- Network endpoint: '18#.#54.184.83':21 (TCP port 21, the FTP control port; the address is partially masked by the source)
- Executed command lines (as reported; stray trailing quotes from the source rendering removed):
- '%WINDIR%\syswow64\dspwdm.exe' ese
- '%WINDIR%\syswow64\dspwdm.exe' ese (with hidden window)
- '%TEMP%\engschddhcp.exe' (no arguments, with hidden window; this path is not among the file artifacts listed above)