Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\ieaasffe.lnk
- <SYSTEM32>\tasks\opera scheduled autoupdate 536308134
- %APPDATA%\microsoft\windows\ieaasffe\rberrbws.exe
- '%APPDATA%\microsoft\windows\ieaasffe\rberrbws.exe'
- '%APPDATA%\microsoft\windows\ieaasffe\rberrbws.exe' (with hidden window)
- '<SYSTEM32>\taskeng.exe' {EB70CE1B-7502-4DF7-AAC2-7E7CC13EB76F} S-1-5-21-1960123792-2022915161-3775307078-1001:dphjro\user:Interactive:[1]