Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\mpwb7jlnoz1hpqpgegzkx8l.lnk
- %LOCALAPPDATA%\comsetup.log
- %LOCALAPPDATA%\de7egstaaotvggu0\iex5k8ssoh6gfznjkkgou8ugll.wsf
- %APPDATA%\tlpdcsozbnkphbt.zip
- %LOCALAPPDATA%\de7egstaaotvggu0\iex5k8ssoh6gfznjkkgou8ugll.wsf
- %APPDATA%\tlpdcsozbnkphbt.zip
- http://16#.#.231.236/Garyptjsarpgdvsud/Nbizdlwrxqrkq/Xhbgehogobk/Uegcpwmsin/Tlpdcsozbnkphbt.db
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\de7eGstAAOTvGgU0\ieX5K8ssOh6GFznJKKGoU8UGlL.wsf"