Technical Information
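- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk (shortcut in the per-user Startup folder, so it is launched at each logon of that user)
- <SYSTEM32>\tasks\bba20bda007e3f734c6891fb339b6833 (file in the Task Scheduler tasks directory, i.e. a scheduled-task definition)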
- C:\netsvc\ixgvnpqy2trvxvwulqlzrlehw9tk6m.bat
- C:\netsvc\vmcheck32.dll
- C:\netsvc\svcinto.exe
- C:\netsvc\system.vbe
- C:\netsvc\system.lnk
- http://18#.#3.7.166/d3295kdkgl5wghvr784pq4kefgbrhgqpoxv5sz9b9z4u2015feo8xt5i8dqryn0r3pj/3zzt1nf6nlm7r6gnbiwwv0wyppcd2ug05yvjazz9e375m9cail4r3rdd8qgq0i3bspjc6xvgautt/0520ddc4202b8edc06e12830e5ec...
- http://18#.#3.7.166/d3295kdkgl5wghvr784pq4kefgbrhgqpoxv5sz9b9z4u2015feo8xt5i8dqryn0r3pj/3zzt1nf6nlm7r6gnbiwwv0wyppcd2ug05yvjazz9e375m9cail4r3rdd8qgq0i3bspjc6xvgautt/fhuhpte97jt8daubvktm3foqcvqe...
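- http://ip##fo.io/ip (the '#' characters in this host and in the IP address of the URLs above appear to be masking applied in the report, and those URLs are cut off with "..."; the values cannot be matched verbatim against logs or blocklists)
- DNS query: ip##fo.io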
- ClassName: 'EDIT' WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\netsvc\System.vbe"
- 'C:\netsvc\svcinto.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\netsvc\IxGvNPQY2trVXVwulQlzRlEHw9tk6m.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\netsvc\IxGvNPQY2trVXVwulQlzRlEHw9tk6m.bat" "