Technical Information
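Autorun persistence (machine-wide Run key; the value name and file name resemble Realtek audio software, so verify the file's path and signature rather than trusting the name):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Realtek Semiconductor' = '"%WINDIR%\RtHDVCpl.exe"'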
- %WINDIR%\RtHDVCpl.exe
- <SYSTEM32>\ping.exe -n 1 localhost
- <SYSTEM32>\cmd.exe /c ""<Current directory>\melt.bat" "
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bot[1].htm
- <Current directory>\melt.bat
- %WINDIR%\RtHDVCpl.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\bot[1].htm
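Network activity, connections to host:port (host names and the IP address are partially masked with '#' in this report):
- 'pa######undensicherheit.org':80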
- 'www.da###a1m0ad.com':80
- '93.##4.93.226':80
- 'od####ervice.com':80
- 'od####ervice.org':80
Requested URLs on the hosts above (the same /Panel/bot.php path on every host):
- pa######undensicherheit.org/Panel/bot.php
- www.da###a1m0ad.com/Panel/bot.php
- 93.##4.93.226/Panel/bot.php
- od####ervice.com/Panel/bot.php
- od####ervice.org/Panel/bot.php
- DNS ASK pa######undensicherheit.org
- DNS ASK www.da###a1m0ad.com
- DNS ASK od####ervice.com
- DNS ASK od####ervice.org