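Technical Information
Note: the subsection headings of this report are not present on this page, so the entries below are an unlabelled mix of file-system paths, a host:port endpoint, DNS queries and one window class/name entry. Paths that appear more than once presumably came from separate subsections of the original report. The `#` characters in host names appear to be masking applied by the report's publisher, not part of the real names.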
- %APPDATA%\microsoft\windows\start menu\programs\startup\windows.lnk
- %TEMP%\lol.bin
- %APPDATA%\ojelpeo\nutarlq.exe
- %TEMP%\pid.txt
- %APPDATA%\microsoft\windows\zwccukgly8abx\zwccukgly8abx.nfo
- %APPDATA%\microsoft\windows\zwccukgly8abx\zwccukgly8abx.dat
- %APPDATA%\microsoft\windows\zwccukgly8abx\zwccukgly8abx.svr
- %APPDATA%\microsoft\windows\zwccukgly8abx\zwccukgly8abx.nfo
- %APPDATA%\microsoft\windows\zwccukgly8abx\zwccukgly8abx.dat
- %APPDATA%\microsoft\windows\zwccukgly8abx\zwccukgly8abx.svr
- %APPDATA%\microsoft\windows\zwccukgly8abx\zwccukgly8abx.svr
- 'ss####.moneyhome.biz':900
- DNS ASK k4#####4.publicvm.com
- DNS ASK wi####up.16-b.it
- DNS ASK ss####.moneyhome.biz
- ClassName: '' WindowName: ''