Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'Classes' = '%APPDATA%\Microsoft\ecbhbaee\iivggiaw.exe'
- %WINDIR%\explorer.exe
- %TEMP%\bracelets-up.gif
- %TEMP%\feed.php
- %TEMP%\huXmvQBdPO
- %TEMP%\uni-form.css
- %TEMP%\1EbVzZ0l.PajF
- %APPDATA%\Microsoft\ecbhbaee\iivggiaw.exe
- %TEMP%\pendants-up.gif
- %TEMP%\7UbjSmMecSk1NP3r.gCnm
- %TEMP%\jquery.dcmegamenu.1.3.4.min.js
- %TEMP%\bookmark.js
- %TEMP%\apple-touch-icon-152x1521757788105.png
- %TEMP%\qUI4qP5vMKD=
- %TEMP%\js_composer_front.css
- %TEMP%\theme-blog.css
- %TEMP%\styles.css
- %TEMP%\feed398671737.rss+xml
- %TEMP%\rings-up.gif
- %APPDATA%\Microsoft\ecbhbaee\iivggiaw.exe
- <Full path to file>
- '20#.#6.232.182':80
- 'wp#d':80
- http://www.microsoft.com/ via 20#.#6.232.182
- http://11#.#11.111.1/wpad.dat via wp#d
- http://go.microsoft.com/fwlink/?Li########### via 20#.#6.232.182
- DNS ASK go.microsoft.com
- DNS ASK www.microsoft.com
- DNS ASK wp#d
- '<Full path to file>'
- '%WINDIR%\explorer.exe'