Technical Information
- https://share.dmca.gripe/8plthqnglpa0chbg saved as <Current directory>\erja
- C:\users\public\erja.bat
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- <Current directory>\erja
- %LOCALAPPDATA%\hrcb\hrcbtne.exe
- %LOCALAPPDATA%\hrcb\hrcb
- %LOCALAPPDATA%\hrcb\hrcbent.vbs
- %LOCALAPPDATA%\hrcb\hrcb_nekro.hta
- C:\users\public\clean.bat
- C:\users\public\sspicli.dll
- C:\users\public\perfmon.exe
- C:\users\public\runex.bat
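- %WINDIR% \system32\perfmon.exe
- %WINDIR% \system32\sspicli.dll
  (Note: the space after %WINDIR% in the two paths above is reproduced as recorded. If it is part of the real path, these files sit in a separate look-alike directory, not in the genuine %WINDIR%\system32. Match the path literally in detections and do not trim the space.)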
- %LOCALAPPDATA%\hrcb\hrcbtne.exe
- %LOCALAPPDATA%\hrcb\hrcb
- %LOCALAPPDATA%\hrcb\hrcbent.vbs
- %LOCALAPPDATA%\hrcb\hrcb_nekro.hta
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK sh###.dmca.gripe
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\erja.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Runex.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\erja.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Users\Public\Runex.bat" "