Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\2dfj1rwsvebdtd7jr8y8qrwyxlkksf0ogxg.lnk
- %LOCALAPPDATA%\reportevent.log
- %LOCALAPPDATA%\qhyjlmnajyj3xyqrtnyvhwjm\oyqup8qfpjtvxyj4xcncp7tux1n4hzdfzc.js
- %APPDATA%\gbioytzymblfeupk.zip
- %APPDATA%\6umjta~1\gxcvetvqvwvebjikiiflxqkiss.db
- %APPDATA%\6umjta~1\ywtvnz.db
- %APPDATA%\6umjta~1\gxcvetvqvwvebjikiiflxqkiss.exe
- %LOCALAPPDATA%\qhyjlmnajyj3xyqrtnyvhwjm\oyqup8qfpjtvxyj4xcncp7tux1n4hzdfzc.js
- %APPDATA%\gbioytzymblfeupk.zip
- http://19#.#92.20.113/Avovjyahrddqolkpz/Ghcpxtmnblsluv/Zewmssztkzx/Mfebpgulyjwybfopg/Gbioytzymblfeupk.db
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\qHyjlMNaJYJ3xyqRtNYvhWJm\oyQUP8QfpJtVXYJ4XcncP7tUX1n4HzdFzc.js"