Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'MsUpdate' = 'C:\MsUpdate.exe'
- lsass.exe
- %TEMP%\ixp000.tmp\lsass.exe
- %TEMP%\ixp000.tmp\poweriso42.exe
- %TEMP%\nsk973.tmp
- %TEMP%\nsu9b2.tmp\options.ini
- %TEMP%\nsu9b2.tmp\system.dll
- DNS ASK de###forfun.com
- ClassName: 'SCDEMUAPP_C2C80BFA WNDCLASS' WindowName: ''
- '%TEMP%\ixp000.tmp\lsass.exe'
- '%TEMP%\ixp000.tmp\poweriso42.exe'