Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\j6bixtk.lnk
- %WINDIR%\syswow64\svchost.exe
- %APPDATA%\ksillzcwxbs\7690.xml
- %WINDIR%\syswow64\.identifier
- %WINDIR%\syswow64\.identifier
- from %APPDATA%\ksillzcwxbs\7690.xml to %APPDATA%\ksillzcwxbs\jrq1vb72t.exe
- '46.##6.161.71':3360
- '%WINDIR%\syswow64\svchost.exe'