Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'WVAS' = '%TEMP%\WVAS\wvas.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WVAS' = '%TEMP%\WVAS\wvas.exe'
- %TEMP%\WVAS\wvas.exe
- 'www.fi####p-address.org':80
- 'ep##emic.cc':80
- www.fi####p-address.org/
- ep##emic.cc/httpbot/bot/getInfo.php?co###########################################################################################################################
- ep##emic.cc/httpbot/bot/startup.php
- ep##emic.cc/httpbot/bot/commands.php
- DNS ASK www.fi####p-address.org
- DNS ASK ep##emic.cc
- ClassName: 'Indicator' WindowName: ''