Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Captcha7' = 'rundll "%ProgramFiles(x86)%\captcha7.dll",captcha'
- Handler for all processes: %ProgramFiles(x86)%\captcha7.dll
- %ProgramFiles(x86)%\captcha7.dll
- C:\captcha.bat
- %ProgramFiles(x86)%\captcha7.dll
- DNS ASK gl####j20090809.com
- DNS ASK pi####-110809.com
- DNS ASK su###082009.com
- DNS ASK bo####-110809.com
- DNS ASK up####908013.com
- '%WINDIR%\syswow64\rundll32.exe' "%ProgramFiles(x86)%\captcha7.dll",captcha (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c c:\captcha.bat (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "%ProgramFiles(x86)%\captcha7.dll",captcha
- '%WINDIR%\syswow64\cmd.exe' /c c:\captcha.bat