Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.exe
- %WINDIR%\syswow64\explorer.exe
- <File name>.exe
- %APPDATA%\<File name>.exe
- %APPDATA%\system32\svchost.exe
- %TEMP%\user2.txt
- %TEMP%\user7
- %TEMP%\user8
- %APPDATA%\system32\svchost.exe
- %TEMP%\user2.txt
- %APPDATA%\<File name>.exe
- %TEMP%\user8
- %TEMP%\user7
- %TEMP%\user8
- %TEMP%\user7
- DNS ASK wi##.##aticcling.org
- '%APPDATA%\<File name>.exe'
- '%APPDATA%\system32\svchost.exe'
- '%APPDATA%\system32\svchost.exe' ' (with hidden window)
- '%WINDIR%\syswow64\explorer.exe'