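Technical Information
The entries below are indicators recorded for the sample: file-system paths, one URL, and one process command line. The category headings are not preserved on this page, and some paths appear twice, presumably because they were originally listed under more than one category.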
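- %APPDATA%\microsoft\windows\start menu\programs\startup\5r3wpgas2h5dxnelpwntvurbacmwngabqmjv.lnk (shortcut in the per-user Startup folder, which Windows launches at logon; this is the autorun/persistence artifact)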
- %LOCALAPPDATA%\wiatrace.log
- %LOCALAPPDATA%\6nxivvo8jbckv\leobehcsy.wsf
- %APPDATA%\bacvraigesws.zip
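- %APPDATA%\upj738~1\irltqlvxrmyksvmfdpyswom.db (`upj738~1` is an 8.3 short name; the directory's long name is not shown here, so a literal search for the short form may miss it on disk or in logs)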
- %APPDATA%\upj738~1\rwfwjstiexnromackfsyatpzd.db
- %APPDATA%\upj738~1\irltqlvxrmyksvmfdpyswom.exe
- %LOCALAPPDATA%\6nxivvo8jbckv\leobehcsy.wsf
- %APPDATA%\bacvraigesws.zip
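- http://16#.#.230.55/Hoxgzrxoyq/Ibtxlsegcpga/Iximpqvijaemelmko/Pmllfmvrprsrx/Bacvraigesws.db (URL as published; the `#` characters mask part of the IP address, so the host cannot be used as an exact-match indicator; the URL path is the usable part)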
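- '<SYSTEM32>\wscript.exe' "%LOCALAPPDATA%\6nxIvvO8jbCkV\lEobehcSY.wsf" (process command line: Windows Script Host running the .wsf script listed above; Windows paths are case-insensitive, so this is the same file as the lowercase entry)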