Technical Information
- [<HKLM>\System\CurrentControlSet\Services\Rsfgpr rdlauukk] 'Start' = '00000002' (2 = automatic start: the service is launched at every boot)
- [<HKLM>\System\CurrentControlSet\Services\Rsfgpr rdlauukk] 'ImagePath' = '%ProgramFiles(x86)%\Afrcfhk.exe'
- Service 'Rsfgpr rdlauukk', binary %ProgramFiles(x86)%\Afrcfhk.exe
- %ProgramFiles(x86)%\afrcfhk.exe
- %ProgramFiles(x86)%\afrcfhk.exe
- from <Full path to file> to %WINDIR%\syswow64\1118308.bak
- '10#.#2.15.123':80
- 'cn##eb.top':88
- 'cn##eb.top':8008
- 'cn##eb.top':8008
- DNS query (ASK): cn##eb.top
- '%ProgramFiles(x86)%\afrcfhk.exe'