Technical Information
- %APPDATA%\microsoft\credentials\mediaplayer\mediamanager\media.js
- %TEMP%\reportapi.js
- %APPDATA%\microsoft\credentials\mediaplayer\mediamanager\media.reg
- %APPDATA%\microsoft\credentials\mediaplayer\mediamanager\media.lnk
- %APPDATA%\microsoft\credentials\mediaplayer\mediamanager\id.txt
- http://13#.#8.37.63/tran/check.php?id#########
- DNS ASK di####lpoint.com
- '<SYSTEM32>\cscript.exe' %APPDATA%\Microsoft\Credentials\MediaPlayer\MediaManager\media.js
- '<SYSTEM32>\cscript.exe' %TEMP%\reportapi.js
- '<SYSTEM32>\cscript.exe' %APPDATA%\Microsoft\Credentials\MediaPlayer\MediaManager\media.js (with hidden window)
- '<SYSTEM32>\cscript.exe' %TEMP%\reportapi.js (with hidden window)
- '<SYSTEM32>\reg.exe' import %APPDATA%\Microsoft\Credentials\MediaPlayer\MediaManager\media.reg (with hidden window)
- '<SYSTEM32>\reg.exe' import %APPDATA%\Microsoft\Credentials\MediaPlayer\MediaManager\media.reg