Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\qshijfatogngx1zlgo4ynyj98.lnk (shortcut in the per-user Startup folder, so it is launched at each logon of that user)
- %LOCALAPPDATA%\wiatrace.log
- %LOCALAPPDATA%\wnqbjnd6bqdboedcxozbzq5iw85r\xfhag9sbg3j491.wsf
- %APPDATA%\bacvraigesws.zip
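- %APPDATA%\ayhxtf~1\tvjousrblxapganciyn.db (`ayhxtf~1` has the form of an 8.3 short name, so the directory's long name is not shown on this page)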
- %APPDATA%\ayhxtf~1\ucdmapaui.db
- %APPDATA%\ayhxtf~1\tvjousrblxapganciyn.exe
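- %LOCALAPPDATA%\wnqbjnd6bqdboedcxozbzq5iw85r\xfhag9sbg3j491.wsf
- %APPDATA%\bacvraigesws.zip
  (these two paths repeat entries listed above; the page does not state which file operation each listing refers to)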
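- http://16#.#.230.55/Hoxgzrxoyq/Ibtxlsegcpga/Iximpqvijaemelmko/Pmllfmvrprsrx/Bacvraigesws.db (network indicator; the `#` characters in the address appear to be masking in the published report, so the full IP address cannot be recovered from this page)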
- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\WnQbjNd6BqdbOEDCxoZBzQ5IW85R\xFhAG9SBG3J491.wsf" (process launch: Windows Script Host running the .wsf file listed above)