Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\URWKfGKJdcFa.lnk
- '<SYSTEM32>\svchost.exe'
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe'
- '%APPDATA%\NNhX.exe' "%APPDATA%\HbPeX"
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- <Current directory>\HbPeX
- %APPDATA%\NNhX.exe
- %APPDATA%\HbPeX
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- <Current directory>\NNhX1
- <Current directory>\NNhX.exe
- %HOMEPATH%\uj0mz0ZFwSE0P0cb\NNhX.exe
- %HOMEPATH%\uj0mz0ZFwSE0P0cb\HbPeX
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- from %APPDATA%\NNhX.exe to %HOMEPATH%\uj0mz0ZFwSE0P0cb\NNhX.exe
- from %APPDATA%\HbPeX to %HOMEPATH%\uj0mz0ZFwSE0P0cb\HbPeX