Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\wgvvdaec.lnk
- <SYSTEM32>\tasks\opera scheduled autoupdate 2021791044
- %APPDATA%\microsoft\windows\wgvvdaec\hebtburt.exe
- %APPDATA%\microsoft\windows\wgvvdaec\hebtburt.exe
- 'pr###st-0124.tk':80
- http://www.ms###csi.com/ncsi.txt
- http://pr###st-0124.tk/
- DNS ASK pr###st-0124.tk