Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\bSHBVEHcBQLF.lnk
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '%APPDATA%\IZMA.exe' "%APPDATA%\VPTPW"
- %WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- <Current directory>\VPTPW
- %APPDATA%\IZMA.exe
- %APPDATA%\VPTPW
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- <Current directory>\IZMA1
- <Current directory>\IZMA.exe
- %HOMEPATH%\bOacFY0verQBAz9z\VPTPW
- %HOMEPATH%\bOacFY0verQBAz9z\IZMA.exe
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- from %APPDATA%\IZMA.exe to %HOMEPATH%\bOacFY0verQBAz9z\IZMA.exe
- from %APPDATA%\VPTPW to %HOMEPATH%\bOacFY0verQBAz9z\VPTPW
- '16#.#7.20.45':7704