Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\efzcwjecddag.lnk
- %WINDIR%\syswow64\wscript.exe
- %TEMP%\ixp000.tmp\cdrookffrh.exe
- %TEMP%\aut26d1.tmp
- %TEMP%\nyhkggt
- %APPDATA%\gcbg.exe
- %APPDATA%\gcbgw.au3
- %HOMEPATH%\gcvunwpeoppditve\gcbg.exe
- %HOMEPATH%\gcvunwpeoppditve\gcbgw.au3
- %TEMP%\aut26d1.tmp
- %TEMP%\nyhkggt
- %TEMP%\ixp000.tmp\cdrookffrh.exe
- from %APPDATA%\gcbgw.au3 to %HOMEPATH%\gcvunwpeoppditve\gcbgw.au3
- from %APPDATA%\gcbg.exe to %HOMEPATH%\gcvunwpeoppditve\gcbg.exe
- '%TEMP%\ixp000.tmp\cdrookffrh.exe'
- '%APPDATA%\gcbg.exe' "%APPDATA%\gCBGW.au3"
- '%WINDIR%\syswow64\wscript.exe'
- '%TEMP%\ixp000.tmp\cdrookffrh.exe' (with hidden window)