Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\75sobx5nt.lnk
- %LOCALAPPDATA%\setuperr.log
- %LOCALAPPDATA%\kg4vrkorve1fxsbfdoo8bjnb\khc6p1jgx6.wsf
- %APPDATA%\yewemfkifmgqri.zip
- %APPDATA%\ex3irq~1\odudinmqdlhswjzcryet.db
- %APPDATA%\ex3irq~1\rcolhlbwytegoyltsblog.db
- %APPDATA%\ex3irq~1\rcolhlbwytegoyltsblog.exe
- %LOCALAPPDATA%\kg4vrkorve1fxsbfdoo8bjnb\khc6p1jgx6.wsf
- %APPDATA%\yewemfkifmgqri.zip
- http://63.##0.37.92/Homvcckngxncookf/Osctmnxcggnoyj/Mrvqgarwl/Yiipibtctgrp/Yewemfkifmgqri.db
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\kG4vrKOrVE1fXSBfDoO8BJNB\KHC6P1jgx6.wsf"