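Техническая информация
Подзаголовки разделов в тексте отсутствуют; по содержанию строки ниже делятся на группы: ярлыки в папке автозагрузки (признак закрепления в системе), файлы в каталоге C:\monitorperf, сетевые обращения (HTTP-запросы и DNS-запросы), запись о классе окна (ClassName/WindowName) и командные строки запускаемых процессов. Символы «#» в именах хостов и параметрах запросов — маскировка, присутствующая в самом тексте, поэтому полные адреса по этим строкам восстановить нельзя; для поиска в журналах пригодны пути к файлам и командные строки процессов.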
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk
- %APPDATA%\microsoft\windows\start menu\programs\startup\c07bc36d12bbc3285d2487b1c28ed5e7d8ac5bfc.lnk
- C:\monitorperf\vubw8v0z6zbw5idrh93el2dgnizisj.bat
- C:\monitorperf\vmcheck32.dll
- C:\monitorperf\intobroker.exe
- C:\monitorperf\system.vbe
- C:\monitorperf\system.lnk
- C:\monitorperf\c07bc36d12bbc3285d2487b1c28ed5e7d8ac5bfc.lnk
- http://ga######.000webhostapp.com/d9851r3/0gl1a7f72xwgqnyd66yedz6fcv3y1rjzkx852mkqt5gbn5coc4vrjvsvorcg8pnidh2pll1x3ru1oh/dc0ea968be816b181d6bc988ea5f9e1c24372578.php?65#########################...
- http://ga######.000webhostapp.com/d9851r3/0gl1a7f72xwgqnyd66yedz6fcv3y1rjzkx852mkqt5gbn5coc4vrjvsvorcg8pnidh2pll1x3ru1oh/dc0ea968be816b181d6bc988ea5f9e1c24372578.php?ab#########################...
- http://ga######.000webhostapp.com/d9851r3/0gl1a7f72xwgqnyd66yedz6fcv3y1rjzkx852mkqt5gbn5coc4vrjvsvorcg8pnidh2pll1x3ru1oh/wr2790g5pgy468bgawf2fz3awx0j498365eadeqc7qyg3/f2ac3f041e6fa258eb3076e241...
- http://ip##fo.io/ip
- DNS ASK ga######.000webhostapp.com
- DNS ASK ip##fo.io
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\monitorperf\System.vbe"
- 'C:\monitorperf\intobroker.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\monitorperf\Vubw8V0Z6Zbw5IdrH93el2DGnIZisj.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\monitorperf\Vubw8V0Z6Zbw5IdrH93el2DGnIZisj.bat" "