Technical Information
- [<HKLM>\System\CurrentControlSet\Services\DbProtectSupport] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\DbProtectSupport] 'ImagePath' = '%ProgramFiles%\DbProtectSupport\svchost.exe'
- 'DbProtectSupport' %ProgramFiles%\DbProtectSupport\svchost.exe
- %ProgramFiles%\dbprotectsupport\svchost.exe.bak
- %ProgramFiles%\dbprotectsupport\svchost.exe
- %ProgramFiles%\dbprotectsupport\fake.cfg
- %ProgramFiles%\dbprotectsupport\svchost.exe.bak
- DNS ASK 33##b.com
- '%ProgramFiles%\dbprotectsupport\svchost.exe'