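Technical Information
The entries below are file-system paths, one HTTP URL and one process command line. The sub-headings that grouped them are not present here, so the repeated paths likely belong to different groups. The shortcut in the Startup folder and the wscript.exe launch of the .wsf file are the behaviours to look for; the file and directory names themselves appear to be randomly generated.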
- %APPDATA%\microsoft\windows\start menu\programs\startup\2rl6jfbrty16qmelfqtrc27byyyka1bakwt.lnk
- %LOCALAPPDATA%\logsetup.log
- %LOCALAPPDATA%\qv87zav0hkcvtbyti0tjwcnv\phxi7ryeo4npsbp9kujvbhw6xh22uqfx8e.wsf
- %APPDATA%\njwtsebnjaajri.zip
- %APPDATA%\6es6ct~1\odudinmqdlhswjzcryet.db
- %APPDATA%\6es6ct~1\rcolhlbwytegoyltsblog.db
- %APPDATA%\6es6ct~1\rcolhlbwytegoyltsblog.exe
- %LOCALAPPDATA%\qv87zav0hkcvtbyti0tjwcnv\phxi7ryeo4npsbp9kujvbhw6xh22uqfx8e.wsf
- %APPDATA%\njwtsebnjaajri.zip
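- http://16#.#.231.236/Snpuwogiuxjccmwr/Techqyoxy/Kidpslmyqavqrsx/Gzhoibecybgn/Njwtsebnjaajri.db (the `#` characters mask part of the IP address as published, so this entry cannot be matched as a full address)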
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\qv87zAV0hkcvTbYtI0TJwcnV\PHXi7ryeO4NpsBp9kujVBhW6xH22UQFx8e.wsf"