Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'HYDRATERS' = '%HOMEPATH%\Radicalisation4\Bookmakeriets.exe'
- ieinstal.exe
- %HOMEPATH%\radicalisation4\bookmakeriets.exe
- http://th####nreuters.host/FQ/EHH_encrypted_18BA8C0.bin
- DNS ASK th####nreuters.host
- '%ProgramFiles(x86)%\internet explorer\ieinstal.exe'