Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Fluminose1' = '%HOMEPATH%\Unfatty5\amphitheccia.exe'
- ielowutil.exe
- %HOMEPATH%\unfatty5\amphitheccia.exe
- '21#.#8.8.172':49986
- http://je##ech.xyz/System_encrypted_249FAB0.bin
- DNS ASK je##ech.xyz
- '%ProgramFiles(x86)%\internet explorer\ielowutil.exe'