Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'NDumdeCsynKA' = 'C:\NDumdeCsynKA\NDumdeCsynKA.exe'
- C:\NDumdeCsynKA\NDumdeCsynKA.exe
- %TEMP%\sample.html
- <SYSTEM32>\wbem\Performance\WmiApRpl_new.ini
- 'bl##.##pernova.ind.in':80
- DNS ASK bl##.##pernova.ind.in