Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '0x9bc1e7f6' = '<Full path to file>'
- DNS server to '47.111.45.52'
- DNS server to '<DNS_SERVER>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = '00000000'
- %APPDATA%\9bc1e7f6\x9bc.exe
- %APPDATA%\9bc1e7f6\x9bc.txt
- C:\lgglog\wswsws.lnk
- ClassName: '' WindowName: 'lgglog'
- ClassName: '' WindowName: 'C:\lgglog'
- ClassName: 'ShellTabWindowClass' WindowName: ''
- ClassName: 'DUIViewWndClassName' WindowName: ''
- ClassName: 'DirectUIHWND' WindowName: ''
- ClassName: 'SHELLDLL_DefView' WindowName: ''
- '%APPDATA%\9bc1e7f6\x9bc.exe' /RUM regini.exe %APPDATA%\9bc1e7f6\x9bc.txt
- '%WINDIR%\syswow64\regini.exe' %APPDATA%\9bc1e7f6\x9bc.txt (with hidden window)
- '%WINDIR%\syswow64\regini.exe' %APPDATA%\9bc1e7f6\x9bc.txt
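The indicators above are most useful when turned into host-hunting logic. The following is an added example, not part of the original technical description or the vendor's detection content: it takes the registry, file and process indicators from the list, expands the %APPDATA% and %WINDIR% placeholders per host, and matches them against Sysmon-style event records (EventID 1 process create, 11 file create, 13 registry value set). The Sysmon field names, the per-host environment mapping, the assumption that the DNS change appears as a write to a Tcpip NameServer value (the page does not say how the server was changed), and the sample events themselves are all assumptions constructed for illustration.

```python
import re

# Indicators taken from the list above. %VAR% tokens stay symbolic and are
# expanded per host so the same rules work whatever the profile path is.
RUN_VALUE_PATH = r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\0x9bc1e7f6"
PROXY_VALUE_SUFFIX = r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer"
DNS_IP = "47.111.45.52"
DROP_DIR = r"%APPDATA%\9bc1e7f6"
DROP_FILES = (r"%APPDATA%\9bc1e7f6\x9bc.exe",
              r"%APPDATA%\9bc1e7f6\x9bc.txt",
              r"C:\lgglog\wswsws.lnk")
REGINI = r"%WINDIR%\syswow64\regini.exe"


def expand(path, env):
    """Expand %VAR% placeholders from a per-host environment mapping."""
    return re.sub(r"%(\w+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def norm(s):
    """Case-fold and strip the quotes Windows command lines wrap paths in."""
    return s.strip("'\"").lower()


def match_event(ev, env):
    """Return the indicator names one event hits (empty list if none)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 13:                                   # registry value set
        target = norm(ev.get("TargetObject", ""))
        details = ev.get("Details", "")
        if target == norm(RUN_VALUE_PATH):
            hits.append("run_key_persistence")
        if target.endswith(norm(PROXY_VALUE_SUFFIX)) and details == "00000000":
            hits.append("proxy_server_set")
        # Assumption: the DNS change lands in a Tcpip NameServer value.
        if target.endswith(r"\nameserver") and DNS_IP in details:
            hits.append("dns_server_changed")
    elif eid == 11:                                 # file create
        target = norm(ev.get("TargetFilename", ""))
        if any(target == norm(expand(f, env)) for f in DROP_FILES):
            hits.append("dropped_file")
    elif eid == 1:                                  # process create
        image = norm(ev.get("Image", ""))
        cmdline = norm(ev.get("CommandLine", ""))
        drop_dir = norm(expand(DROP_DIR, env))
        if image.startswith(drop_dir + "\\"):
            hits.append("dropper_executed")
        # regini.exe applying a script that lives in the drop directory
        if image == norm(expand(REGINI, env)) and drop_dir in cmdline:
            hits.append("regini_applies_dropped_script")
    return hits


def hunt(events, env):
    """Map each event's RecordId to the indicators it hits; clean events are omitted."""
    result = {}
    for ev in events:
        hits = match_event(ev, env)
        if hits:
            result[ev["RecordId"]] = hits
    return result


# Constructed sample host environment and events (not real telemetry).
HOST_ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming", "WINDIR": r"C:\Windows"}
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 11,
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\9bc1e7f6\x9bc.exe"},
    {"RecordId": 2, "EventID": 1,
     "Image": r"C:\Users\alice\AppData\Roaming\9bc1e7f6\x9bc.exe",
     "CommandLine": r"'C:\Users\alice\AppData\Roaming\9bc1e7f6\x9bc.exe' /RUM regini.exe "
                    r"C:\Users\alice\AppData\Roaming\9bc1e7f6\x9bc.txt"},
    {"RecordId": 3, "EventID": 1,
     "Image": r"C:\Windows\syswow64\regini.exe",
     "CommandLine": r"C:\Windows\syswow64\regini.exe C:\Users\alice\AppData\Roaming\9bc1e7f6\x9bc.txt"},
    {"RecordId": 4, "EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\0x9bc1e7f6",
     "Details": r"C:\Users\alice\AppData\Roaming\9bc1e7f6\x9bc.exe"},
    {"RecordId": 5, "EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer",
     "Details": "00000000"},
    {"RecordId": 6, "EventID": 13,
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{guid}\NameServer",
     "Details": "47.111.45.52"},
    {"RecordId": 7, "EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for rid, hits in hunt(SAMPLE_EVENTS, HOST_ENV).items():
        print(rid, hits)
```

The regini.exe rule is deliberately narrow: regini.exe is a legitimate Windows tool that applies registry scripts, so matching on the binary alone would be noisy; the signal here is a 32-bit regini.exe under syswow64 being handed a script from the %APPDATA%\9bc1e7f6 drop directory. The proxy rule keys on the exact '00000000' value the page records rather than any ProxyServer write, for the same reason.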