Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'hdebonair' = '{65B94EA8-D936-4EF4-8158-962B32C268CC}'
- <SYSTEM32>\ping.exe 127.0.0.1 -n 3 -w 1000
- <SYSTEM32>\cmd.exe /c %WINDIR%\__zzz0701__.bat
- %WINDIR%\__zzz0701__.bat
- %WINDIR%\hdebonair.dll
- 'bo##gle.net':80
- 'ap#####wn.cafe24.com':80
- bo##gle.net/mysql/count.php?id###
- bo##gle.net/mysql/count.php?id####
- ap#####wn.cafe24.com/lastup/fix3/loader9.dll
- DNS ASK bo##gle.net
- DNS ASK ap#####wn.cafe24.com
- '<Private IP address>':1035