Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'system' = '<SYSTEM32>\system.exe'
- %WINDIR%\syswow64\svgrnn.dll
- %ProgramFiles%\kav\cdriver.sys
- %ProgramFiles%\kav\cdriver.inf
- %WINDIR%\syswow64\aoiuon.dll
- %TEMP%\753e.tmp
- %ProgramFiles%\kav\cdriver.sys
- %ProgramFiles%\kav\cdriver.inf
- from <Full path to file> to %WINDIR%\syswow64\system.exe
- DNS ASK vh##.t2uc.com
- ClassName: '' WindowName: 'MiniSniffer'
- '%WINDIR%\syswow64\sc.exe' stop PolicyAgent (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' <SYSTEM32>\svgrnn.dll Exucute
- '%WINDIR%\syswow64\sc.exe' stop PolicyAgent
- '%WINDIR%\syswow64\rundll32.exe' <SYSTEM32>\aoiuon.dll Exucute