Technical Information
- User Account Control (UAC)
- %TEMP%\evbae06.tmp
- %TEMP%\evbae26.tmp
- %TEMP%\evb271.tmp
- %TEMP%\evb2b0.tmp
- %TEMP%\evb2e0.tmp
- %TEMP%\evb310.tmp
- %TEMP%\evb35f.tmp
- http://as##########4a6s54a2d1.000webhostapp.com/wp-admin.php?lo######################
- DNS ASK as##########4a6s54a2d1.000webhostapp.com
- '%WINDIR%\syswow64\cmd.exe' /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog ...
- '<SYSTEM32>\vssvc.exe'