Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Win0Start' = '<Full path to file>'
- <Drive name for removable media>:\_èçºî½âãüîòµäîä¼þ_.txt
- <Drive name for removable media>:\1sm_price.zip
- <Drive name for removable media>:\subjectclassification.zip
- <Drive name for removable media>:\fiche_inscription_2015.zip
- <Drive name for removable media>:\price.zip
- %WINDIR%\temp\ssession
- D:\_èçºî½âãüîòµäîä¼þ_.txt
- C:\_èçºî½âãüîòµäîä¼þ_.txt
- http://11#.#0.159.105/get.php?co##########################################################################################