Technical Information
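- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'MSSMSGS' = 'rundll32.exe winjak32.rom,PRmgeRm' (per-user Run key: the value runs at user logon and has rundll32.exe load winjak32.rom, a file without a .dll extension, through its export PRmgeRm)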
- %WINDIR%\explorer.exe
- iexplore.exe
- %TEMP%\fig7ea8.tmp
- %WINDIR%\syswow64\winjak32.rom
- %TEMP%\fig7ea8.bat
- %TEMP%\fig7ea8.tmp
- DNS ASK ob####fseher.net (DNS query; part of the domain name is masked with # in this listing)
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'PROGMAN' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\fig7EA8.bat"' (with hidden window)
- '%WINDIR%\syswow64\werfault.exe' -u -p 2892 -s 120' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\fig7EA8.bat"