Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\9oLfy9Tf7n.eu.url
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe'
- <SYSTEM32>\svchost.exe
- %TEMP%\BEoy6Yj.4
- %APPDATA%\address\Screenshots\11-08-2017\5.19 PM
- %APPDATA%\9oLfy9Tf7n\9oLfy9Tf7n.exe
- %TEMP%\aut1.tmp
- %TEMP%\aut1.tmp
- 'localhost':31567
- '19#.#66.218.230':31567