Technical Information
- [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] 'MSSMSGS' = 'rundll32.exe windgd32.rom,vyGNgVStyY'
- iexplore.exe
- %TEMP%\stl5bc6.tmp
- %WINDIR%\syswow64\windgd32.rom
- %TEMP%\stl5bc6.bat
- %TEMP%\stl5bc6.tmp
- DNS ASK sa###oft.net
- ClassName: 'IEFrame' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\stl5BC6.bat"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%TEMP%\stl5BC6.bat"