Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\vvebrwfmnomgvwnjgdcxdcgpvauqno.lnk
- %LOCALAPPDATA%\wiatrace.log
- %LOCALAPPDATA%\yzdk8gi0uen2kxlkfnr3qv9lhke0kqpg9a\nfamcbbvldmeqd.wsf
- %APPDATA%\fhdzsfsfwoeyvwfbz.zip
- %LOCALAPPDATA%\yzdk8gi0uen2kxlkfnr3qv9lhke0kqpg9a\nfamcbbvldmeqd.wsf
- %APPDATA%\fhdzsfsfwoeyvwfbz.zip
- http://16#.#13.255.234/Xjyzmzmfm/Ctejxnemv/Fwqmfvmtcyquqklqh/Kimldbhgbia/Fhdzsfsfwoeyvwfbz.db
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\yZdK8Gi0uEn2KXlkfnr3qv9lhKE0KqpG9a\NfAmcbBVLdMeqD.wsf"