Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk (ярлык в папке автозагрузки пользователя)
- %APPDATA%\microsoft\windows\start menu\programs\startup\bkphst.lnk (ярлык в папке автозагрузки пользователя)
- C:\media\otnfcyatwpbdo0epyznz.exe
- C:\media\ve5ulsl5ttnun3sr9uyc8vyc8z3d6u.vbs
- C:\media\acwaoivvm5q5ccqbxtjnu0dcfkl0pi.bat
- C:\media\gxg8yikbr3v9j4bf9eiwtv4bvlxp74.bat
- C:\media\vmcheck32.dll
- C:\media\fontreview.exe
- C:\media\system.vbe
- C:\media\system.lnk
- %HOMEPATH%\pictures\bkphst.exe
- %HOMEPATH%\pictures\bkphst.lnk
- %HOMEPATH%\pictures\vmcheck32.dll
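- DNS ASK 3f####0b.ngrok.io (DNS-запрос; символы #, по-видимому, скрывают часть имени в отчёте, поэтому запись не подходит для точного сопоставления)
- DNS ASK ip##fo.io (DNS-запрос; часть имени так же скрыта символами #)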
- Окно: ClassName: 'EDIT', WindowName: '' (заголовок окна пустой)
- '%WINDIR%\syswow64\wscript.exe' "C:\Media\Ve5Ulsl5ttNUN3SR9uYc8VYC8Z3D6U.vbs"
- 'C:\media\otnfcyatwpbdo0epyznz.exe' -pf35d29ac13cfe611cdf5c951739950e282074092
- '%WINDIR%\syswow64\wscript.exe' "C:\Media\System.vbe"
- 'C:\media\fontreview.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\acWAoIvvm5Q5CcqBXtjNU0dCfkl0Pi.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\Gxg8yIkbR3v9J4BF9eiwTV4BvLxp74.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\acWAoIvvm5Q5CcqBXtjNU0dCfkl0Pi.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\Gxg8yIkbR3v9J4BF9eiwTV4BvLxp74.bat" "