Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'nVidiaAgentUpdate32' = 'C:\PROGRA~2\wowus.exe'
- '<SYSTEM32>\vssvc.exe'
- '<SYSTEM32>\svchost.exe' -k swprv
- '<SYSTEM32>\wermgr.exe' -queuereporting
- '<SYSTEM32>\sysprep\sysprep.exe'
- '<SYSTEM32>\makecab.exe' /V1 %TEMP%\\cryptbase.dll %TEMP%\\cryptbase.msu
- '<SYSTEM32>\ctfmon.exe'
- '<SYSTEM32>\wusa.exe' %TEMP%\\cryptbase.msu /extract:<SYSTEM32>\sysprep
- <SYSTEM32>\Dwm.exe
- <SYSTEM32>\sysprep\Panther\diagwrn.xml
- <SYSTEM32>\sysprep\Panther\diagerr.xml
- <SYSTEM32>\sysprep\$dpx$.tmp\24bc93bec47ff843b885d58b29c6e6c2.tmp
- C:\ProgramData\wowus.exe
- <SYSTEM32>\sysprep\Panther\setupact.log
- %TEMP%\cryptbase.msu
- %TEMP%\cab_2828_3
- %TEMP%\cab_2828_2
- %TEMP%\cryptbase.dll
- %TEMP%\cab_2828_5
- %TEMP%\cab_2828_6
- %TEMP%\cab_2828_4
- %TEMP%\cab_2828_5
- %TEMP%\cab_2828_6
- <SYSTEM32>\sysprep\cryptbase.dll
- %TEMP%\cab_2828_2
- %TEMP%\cab_2828_3
- %TEMP%\cab_2828_4
- from <SYSTEM32>\sysprep\$dpx$.tmp\24bc93bec47ff843b885d58b29c6e6c2.tmp to <SYSTEM32>\sysprep\cryptbase.dll
- from <Full path to virus> to %TEMP%\DDD0.tmp
- 'download.windowsupdate.com':80
- DNS ASK ma###ek.info
- DNS ASK ha###ab.info
- DNS ASK ha###ys.info
- DNS ASK ma###of.info
- DNS ASK ma###um.info
- DNS ASK ha###os.info
- DNS ASK xu###ud.info
- DNS ASK pu###ag.info
- DNS ASK xu###er.info
- DNS ASK pu###yv.info
- DNS ASK ha###iz.info
- DNS ASK ma###am.info
- DNS ASK xu###yn.info
- DNS ASK ha###ez.info
- DNS ASK ma###yf.info
- DNS ASK ha###uw.info
- DNS ASK pu###ep.info
- DNS ASK pu###ug.info
- DNS ASK pu###ov.info
- DNS ASK xu###ir.info
- DNS ASK xu###aj.info
- DNS ASK ma###uc.info
- DNS ASK pu###up.info
- DNS ASK ha###ih.info
- DNS ASK xu###in.info
- DNS ASK ma###ot.info
- DNS ASK pu###yl.info
- DNS ASK xu###en.info
- DNS ASK ha###az.info
- DNS ASK ma###ef.info
- DNS ASK ha###yw.info
- DNS ASK pu###ol.info
- DNS ASK ma###yt.info
- DNS ASK ma###ac.info
- DNS ASK ma###ik.info
- DNS ASK xu###ox.info
- DNS ASK pu###iq.info
- DNS ASK pu###eq.info
- DNS ASK xu###ad.info
- DNS ASK xu###yx.info
- DNS ASK ha###eh.info
- DNS ASK ha###ub.info
- DNS ASK ha###ib.info
- DNS ASK ma###ec.info
- DNS ASK ma###ok.info
- DNS ASK dn#.##ftncsi.com
- DNS ASK ma###ut.info
- DNS ASK xu###ej.info
- DNS ASK xu###or.info
- DNS ASK pu###yp.info
- DNS ASK pu###av.info
- DNS ASK ha###yh.info
- DNS ASK xu###un.info
- DNS ASK ha###as.info
- DNS ASK pu###oq.info
- DNS ASK ha###yz.info
- DNS ASK download.windowsupdate.com
- DNS ASK ma###uf.info
- DNS ASK xu###id.info
- DNS ASK xu###ax.info
- DNS ASK pu###ul.info
- DNS ASK ha###iw.info
- DNS ASK ma###em.info
- DNS ASK pu###eg.info
- DNS ASK pu###ip.info
- DNS ASK xu###yr.info
- DNS ASK ma###yk.info
- DNS ASK pu###uv.info
- DNS ASK ha###oh.info
- DNS ASK ma###ic.info
- DNS ASK ma###at.info
- DNS ASK xu###uj.info
- DNS ASK ha###eb.info
- DNS ASK pu###yq.info
- DNS ASK ha###aw.info
- DNS ASK ha###oz.info
- DNS ASK ma###af.info
- DNS ASK pu###ig.info
- DNS ASK xu###ux.info
- DNS ASK pu###al.info
- DNS ASK xu###on.info
- DNS ASK xu###ed.info
- DNS ASK ma###im.info
- DNS ASK ha###us.info
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: '????????????'
- ClassName: 'Indicator' WindowName: '(null)'