Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\jhjklnnl94gd.lnk
- %APPDATA%\ixbsrq1vb72\3276.xml
- %ALLUSERSPROFILE%\82e370622359ad24112ca0f216b6d1843c208704
- %ALLUSERSPROFILE%\82e370622359ad24112ca0f216b6d1843c208704
- from %APPDATA%\ixbsrq1vb72\3276.xml to %APPDATA%\ixbsrq1vb72\ut6bixtkrz.exe
- DNS ASK lu##.#nyeakokwa.com
- '<Full path to file>' ' (with hidden window)