Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'winbaramws' = '"%APPDATA%\winbaram local files\winbaram.exe" '
- %HOMEPATH%\Start Menu\Programs\Startup\winbaramws.vbs
- %APPDATA%\winbaram local files\readme.xml2.txt
- %APPDATA%\winbaram local files\readme.xml3.txt
- %APPDATA%\winbaram local files\license.txt
- <Current directory>\readme.xml2.txt
- <Current directory>\readme.xml3.txt
- %APPDATA%\winbaram local files\winbaram.exe
- 'mi###circle.com':443
- 'in####lpixel.com':80
- http://www.in####lpixel.com/install.php?ad######################################################################################################## via in####lpixel.com
- DNS ASK www.mi###circle.com
- DNS ASK www.in####lpixel.com
- '%APPDATA%\winbaram local files\winbaram.exe' local files\winbaram.exe