Техническая информация
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\bkphst32.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\winlog.lnk
- C:\media\ckko6xege5dpxexjvcxo1dj0l3d23i.bat
- C:\media\vmcheck32.dll
- C:\media\fontreview.exe
- C:\media\system.vbe
- C:\media\system.lnk
- %HOMEPATH%\pictures\bkphst32.exe
- %HOMEPATH%\pictures\bkphst32.lnk
- %HOMEPATH%\pictures\vmcheck32.dll
- C:\media\winlog.lnk
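- DNS ASK 99###.prohoster.biz
- DNS ASK ip##fo.io (символ «#» недопустим в именах DNS: в обоих запросах часть имени замаскирована, поэтому при поиске в журналах DNS эти строки следует использовать как шаблон, а не как точное совпадение)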
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\Media\System.vbe"
- 'C:\media\fontreview.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\ckko6XeGE5DpXeXJvCxo1Dj0L3D23i.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\Media\ckko6XeGE5DpXeXJvCxo1Dj0L3D23i.bat" "