Technical Information
- %WINDIR%\tasks\userwizard.job
- %ALLUSERSPROFILE%\application data\{269fecc7-0291-7f6c-269f-fecc7029b31c}\<File name>.exe
- %ALLUSERSPROFILE%\application data\{269fecc7-0291-7f6c-269f-fecc7029b31c}\<File name>.dat
- DNS ASK ge####ltiple.link
- DNS ASK al####el-pro.com
- DNS ASK gr###model.biz
- DNS ASK ri###ynorth.biz