: Disconnect the infected machine from the network immediately.
Frequently distributed via phishing emails containing the .zip archive, often disguised as an invoice, shipping document, or software update. Execution Chain WitchLogger.zip
: Unexpected .tmp or .dat files in %AppData% or %LocalAppData% . : Disconnect the infected machine from the network