Technical Information
- %LOCALAPPDATA%\reportevent.log
- %LOCALAPPDATA%\ds0gpiwshtekvojey1seicv2sbnwivv9\k62dvqdm7vihthfivzdsr6aph0zf76.js
- %APPDATA%\wrotdqykpooxuo.zip
- %APPDATA%\ffz7vr~1\gxcvetvqvwvebjikiiflxqkiss.db
- %APPDATA%\ffz7vr~1\ywtvnz.db
- %APPDATA%\ffz7vr~1\gxcvetvqvwvebjikiiflxqkiss.exe
- %LOCALAPPDATA%\ds0gpiwshtekvojey1seicv2sbnwivv9\k62dvqdm7vihthfivzdsr6aph0zf76.js
- %APPDATA%\wrotdqykpooxuo.zip
- http://63.##0.34.60/Tubogttecncjrtdi/Qhtmzfzigigcuw/Vamfgkrgyoxrgq/Evxamwgfvrihv/Wrotdqykpooxuo.db
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\DS0GPIwSHTeKVoJeY1sEicV2SbnwiVV9\K62DvqDm7vIhTHFIvzDsr6ApH0zf76.js"