Technical Information
- '<SYSTEM32>\cmd.exe' /c del "<Full path to file>" /a
- '<SYSTEM32>\cmd.exe' /c del "GBA1.6Є©§у·sµ{¦Ў1031208.exe" /a
- '%APPDATA%\Microsoft\iexplore.exe'
- %APPDATA%\Microsoft\Protect\CREDHIST
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\e4e3f683a45c5d61d029ff2a3db43104_23ef5514-3059-436f-a4a7-4cefaab20eb1
- <Current directory>\ka4281x3.log
- %APPDATA%\Microsoft\iexplore.exe
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\e4e3f683a45c5d61d029ff2a3db43104_23ef5514-3059-436f-a4a7-4cefaab20eb1
- <Current directory>\ka4281x3.log
- '11#.#60.45.65':80
- http://11#.#60.45.65/?9>#########################################################################################################################################################################...