Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\system.lnk
- <SYSTEM32>\tasks\9ad7fadd470a2289cc6dac1824a91b09
- C:\sessioncrt\yumxnmkw14rtjz5ve3ho.exe
- C:\sessioncrt\ybe35urunn0mxeoh97njsy7ijgkxi8.vbs
- C:\sessioncrt\qilvez85d6uvknr582pxnmc1ljacqd.bat
- C:\sessioncrt\ykgtwmxirrtomeafjii1hjto8csgap.bat
- C:\sessioncrt\vmcheck32.dll
- C:\sessioncrt\intoref.exe
- C:\sessioncrt\system.vbe
- C:\sessioncrt\system.lnk
- http://f0####93.xsph.ru/1kstcwhpet7hdft8wc48kdojhn6owp838wnn2z0fmvm1su/9y50urhg1c2u/9c595cb335503892698dfc7ba111f3c0d2c14b41.php?28################################
- DNS query: f0####93.xsph.ru
- Window with ClassName: 'EDIT' and an empty WindowName: ''
- '%WINDIR%\syswow64\wscript.exe' "C:\sessioncrt\ybE35Urunn0mXeOh97nJSy7IJGkxi8.vbs"
- 'C:\sessioncrt\yumxnmkw14rtjz5ve3ho.exe' -pe9663f26eae2d6e11d0a559181685163e76cab1b
- '%WINDIR%\syswow64\wscript.exe' "C:\sessioncrt\System.vbe"
- 'C:\sessioncrt\intoref.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\sessioncrt\QIlVez85D6uvKNR582PXnmc1lJaCqd.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\sessioncrt\YkgtwmXIrrtoMEafJii1hjtO8Csgap.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\sessioncrt\QIlVez85D6uvKNR582PXnmc1lJaCqd.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""C:\sessioncrt\YkgtwmXIrrtoMEafJii1hjtO8Csgap.bat" "