Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'd3dx32' = 'C:\Media\System.lnk'
- %HOMEPATH%\start menu\programs\startup\system.lnk
- C:\media\260cwr9iueyofuw1ifwrto13d1c8gg.bat
- C:\media\vmcheck32.dll
- C:\media\fontreview.exe
- C:\media\system.vbe
- C:\media\system.lnk
- %HOMEPATH%\my documents\my pictures\bkphst32.exe
- http://10####.prohoster.biz/hmf85xjr3jbvkl2c3rmpqw7j6wctggsig06dadzz4semec/glwvy3ciogc5fa0drpdmm35ntv8lbkxir3wdh7xn0r9lb00buqxdcz7o2ecmsotx41uh3ik4jblhrzseh8qny4h/0f7cd55b7d7ed359c5891da4af4acd...
- http://10####.prohoster.biz/hmf85xjr3jbvkl2c3rmpqw7j6wctggsig06dadzz4semec/glwvy3ciogc5fa0drpdmm35ntv8lbkxir3wdh7xn0r9lb00buqxdcz7o2ecmsotx41uh3ik4jblhrzseh8qny4h/vfk92mldd897ykdnjaz7c2c9qnm2th...
- http://ip##fo.io/ip
- DNS ASK 10####.prohoster.biz
- DNS ASK ip##fo.io
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' "C:\Media\System.vbe"
- 'C:\media\fontreview.exe'
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\260CwR9IuEYOFuW1IFwRTo13D1C8GG.bat" "' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c ""C:\Media\260CwR9IuEYOFuW1IFwRTo13D1C8GG.bat" "