Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'FikerOgehe' = 'regsvr32.exe "%ALLUSERSPROFILE%\FikerOgehe\HukoQfig.rcr"'
- <SYSTEM32>\wudfhost.exe
- iexplore.exe
- iexplore.exe process, advapi32.dll module
- iexplore.exe process, crypt32.dll module
- firefox.exe process, advapi32.dll module
- firefox.exe process, crypt32.dll module
- iexplore.exe process, wininet.dll module
- firefox.exe process, nss3.dll module
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] '2500' = '00000003'
- %ALLUSERSPROFILE%\fikerogehe\hukoqfig.rcr