Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'System' = '%WINDIR%\SysWOW64\CITICC~1.EXE'
- %TEMP%\glcfddf.tmp
- %TEMP%\glkfdff.tmp
- %TEMP%\glg9c9.tmp
- C:\~glh0000.tmp
- %WINDIR%\syswow64\~glh0001.tmp
- %WINDIR%\syswow64\temp.000
- %WINDIR%\syswow64\~glh0003.tmp
- C:\install.log
- %WINDIR%\syswow64\~glh0001.tmp
- %TEMP%\glg9c9.tmp
- %TEMP%\glkfdff.tmp
- %TEMP%\glcfddf.tmp
- from C:\~glh0000.tmp to C:\unwise.exe
- from %WINDIR%\syswow64\temp.000 to %WINDIR%\syswow64\~glh0002.tmp
- from %WINDIR%\syswow64\~glh0002.tmp to %WINDIR%\syswow64\citicclient.exe
- from %WINDIR%\syswow64\~glh0003.tmp to %WINDIR%\syswow64\notify.wav
- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\FirewallControlPanel.dll,ShowNotificationDialog /configure /ETOnly 0 /OnProfiles 6 /OtherAllowed 0 /OtherBlocked 0 /OtherEdgeAllowed 0 /NewBlocked 4 "%WINDIR%\syswow64\citicclient.ex...