Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\890207d7-2112-4788-8692-49ab13a2592f.vbs
- %TEMP%\nsr5a60.tmp
- %TEMP%\nswdf6.tmp\ccn7d4jz.txt
- %TEMP%\nswdf6.tmp\2m23qedm.n30
- %TEMP%\nswdf6.tmp\yn2drq0n.0z0
- %TEMP%\nswdf6.tmp\eyimrdatolcc6.dll
- %ALLUSERSPROFILE%\vctip.exe.config
- %TEMP%\nshde6.tmp
- %TEMP%\nswdf6.tmp\222491troll1.jpg
- %ALLUSERSPROFILE%\vctip.exe
- %TEMP%\nsg5a70.tmp\222491troll1.jpg
- %TEMP%\nsg5a70.tmp\ccn7d4jz.txt
- %TEMP%\nsg5a70.tmp\2m23qedm.n30
- %TEMP%\nsg5a70.tmp\yn2drq0n.0z0
- %TEMP%\nsg5a70.tmp\eyimrdatolcc6.dll
- <Full path to file>.config
- %TEMP%\nsg5a70.tmp\clr.dll
- %TEMP%\nswdf6.tmp\clr.dll
- <Full path to file>.config
- %ALLUSERSPROFILE%\vctip.exe.config
- '%ALLUSERSPROFILE%\vctip.exe'
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\890207d7-2112-4788-8692-49ab13a2592f.vbs"' (with hidden window)
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\890207d7-2112-4788-8692-49ab13a2592f.vbs"