Technical Information
- '%WINDIR%\syswow64\cscript.exe' %TEMP%\Client.vbs AC
- '%WINDIR%\syswow64\cmd.exe' /C cscript %tmp%\Client.vbs AC
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53...
- %WINDIR%\explorer.exe
- iexplore.exe
- iexplore.exe process, wininet.dll module
- firefox.exe process, nss3.dll module
- %TEMP%\client.vbs
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\304a582a6ac02c5a769e9103724d9f1e_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\eecfa3d572876f24b63f82fa1678adff_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\34a2c741c143792728f0393d2340072b_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\d0c34d7c621814c97885c2deda97ab62_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\635f506f3cb2fcbbbd1efcf207dbc095_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\c43140480b9a4431d70dcb7592159b2f_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\2ded9453ae37f725075cd30b2cf29deb_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\0a9703b89d4480fbedc2a3296a9cdd96_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\ef9d3dc3fb0b0d0c1a576725d94436f1_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\8ae36e4585b510bbca823dc962fbf6ec_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\fa9e83489260945f91d84d9fe44d5cd6_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\f30d84081606e7bdf1ceb2ff9ea39def_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\39d4355a937c2638ccac626be6b7c3a4_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\96b9f75c18f8dce2c83bc5c57c10f1da_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\78fe39d240adc86f67442288d3008b83_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\42a072a100774b0bc2abe3734b1e01c5_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\7c7202b90f9410cfc0acf510bb873103_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\46af0c59cd647db6574345b94b0e4721_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\2c6d41633acb2b747ed992c122b485ba_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\2fac854cb1d2916468c68200307d3d0c_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\f83ab13da555691807a14678f1c3b784_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\aa3a5f178f3210790ac0ba63c7d20f04_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\16a85308fe3da8f970e97ac720b41bd8_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\01b66cf886316f67397e739eb76c137a_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\fd6000c3b6c59048769576cfedec769f_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\6341e98b977d649e795580d5f10ac2f9_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\c1864c4f921038da3bf11d7c01b30227_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\dffa673a303ffd30368a78b881be5496_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\a96117e4c1765183eed68a030be24693_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\632db1b01ebce35337acb83d4f7fd1eb_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\faba8ec16bb76ad6437418703bdd26aa_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\48ac5616a22f919df9c57722a8ad5d86_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\5fc00d6b12de44fedd330fab6ca48473_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\5f15522e757ab786a57db2538ff1c4e3_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\f4175a39399d601dc7310f49d1032dd7_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\378fdd74a245df7c0820c61f25be316c_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\7c4159eed29fb05fc202fb02843612c8_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\baa96eabd3de82a97788b37ed543e7cf_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\256c31c49815dd9f2d39ab19e09e967d_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\039718e8987fcfbe14cba8a3fab62809_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\a0f1b5bbf3140acec21e3bbadaa33f1d_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\63fef7525677db8ad598276a85a7f993_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\fd2558e56b88ec80cf96144fdc5e0eff_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\1a6ddab0249be8d157847b649d6c23d3_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\2f974830ca862ada2c03f61a753eb7f6_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\708fcb3f747956d935b68d8ca762125a_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\9e2b014d8af2d863d688b6eedc604068_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\6650f8a4e65b7957adc1e123a76a14bf_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\a545394845f8a80d6429abab1f139388_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\44c7bbdda294cc4232fb23ca222cecfa_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\a4bff7b22326edb2085913c294744c11_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\8f9e724f0b3acfeac45493e70f22bbdd_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\b3f11639633ccf42a12e618c3a576ced_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\bfed08181e6a1a1c8bc560d53035780d_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\cf2ed7796f55c7ed3a2eedab839727de_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\7db77ff8e1094859def86cbb5f3ff7e7_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\632db1b01ebce35337acb83d4f7fd1eb_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\eecfa3d572876f24b63f82fa1678adff_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\34a2c741c143792728f0393d2340072b_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\d0c34d7c621814c97885c2deda97ab62_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\635f506f3cb2fcbbbd1efcf207dbc095_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\c43140480b9a4431d70dcb7592159b2f_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\2ded9453ae37f725075cd30b2cf29deb_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\0a9703b89d4480fbedc2a3296a9cdd96_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\ef9d3dc3fb0b0d0c1a576725d94436f1_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\8ae36e4585b510bbca823dc962fbf6ec_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\fa9e83489260945f91d84d9fe44d5cd6_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\f30d84081606e7bdf1ceb2ff9ea39def_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\39d4355a937c2638ccac626be6b7c3a4_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\96b9f75c18f8dce2c83bc5c57c10f1da_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\78fe39d240adc86f67442288d3008b83_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\42a072a100774b0bc2abe3734b1e01c5_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\7c7202b90f9410cfc0acf510bb873103_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\46af0c59cd647db6574345b94b0e4721_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\2c6d41633acb2b747ed992c122b485ba_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\2fac854cb1d2916468c68200307d3d0c_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\f83ab13da555691807a14678f1c3b784_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\aa3a5f178f3210790ac0ba63c7d20f04_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\16a85308fe3da8f970e97ac720b41bd8_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\01b66cf886316f67397e739eb76c137a_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\fd6000c3b6c59048769576cfedec769f_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\c1864c4f921038da3bf11d7c01b30227_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\304a582a6ac02c5a769e9103724d9f1e_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\7db77ff8e1094859def86cbb5f3ff7e7_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\6341e98b977d649e795580d5f10ac2f9_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\cf2ed7796f55c7ed3a2eedab839727de_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\faba8ec16bb76ad6437418703bdd26aa_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\48ac5616a22f919df9c57722a8ad5d86_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\5fc00d6b12de44fedd330fab6ca48473_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\5f15522e757ab786a57db2538ff1c4e3_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\f4175a39399d601dc7310f49d1032dd7_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\378fdd74a245df7c0820c61f25be316c_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\7c4159eed29fb05fc202fb02843612c8_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\baa96eabd3de82a97788b37ed543e7cf_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\256c31c49815dd9f2d39ab19e09e967d_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\039718e8987fcfbe14cba8a3fab62809_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\a0f1b5bbf3140acec21e3bbadaa33f1d_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\63fef7525677db8ad598276a85a7f993_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\fd2558e56b88ec80cf96144fdc5e0eff_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\1a6ddab0249be8d157847b649d6c23d3_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\2f974830ca862ada2c03f61a753eb7f6_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\708fcb3f747956d935b68d8ca762125a_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\9e2b014d8af2d863d688b6eedc604068_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\6650f8a4e65b7957adc1e123a76a14bf_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\a545394845f8a80d6429abab1f139388_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\44c7bbdda294cc4232fb23ca222cecfa_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\a4bff7b22326edb2085913c294744c11_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\8f9e724f0b3acfeac45493e70f22bbdd_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\b3f11639633ccf42a12e618c3a576ced_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\bfed08181e6a1a1c8bc560d53035780d_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\a96117e4c1765183eed68a030be24693_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\dffa673a303ffd30368a78b881be5496_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
- %TEMP%\client.vbs
- http://20#.#48.110.29/few/era.jpg
- http://www.th#####ondbydoron.com/lnb/?-Z################################################################################################
- http://www.vz##ls.com/lnb/?-Z################################################################################################
- DNS ASK th#####ondbydoron.com
- DNS ASK vz##ls.com
- '%WINDIR%\syswow64\cmd.exe' /C cscript %tmp%\Client.vbs AC' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $8B0111F552=[Ref].Assembly.GetType('Sy'+'stem.'+'Mana'+'gem'+'ent'+'.Autom'+'atio'+'n.A'+'m'+'si'+'Utils');$835FFE1926='4456625220575263174452554847';$9FE0AD5C66=[string](0..13|%{[char][int](53...' (with hidden window)
- '%CommonProgramFiles%\microsoft shared\equation\eqnedt32.exe' -Embedding
- '%WINDIR%\syswow64\control.exe'
- '%WINDIR%\syswow64\rundll32.exe'
- '%WINDIR%\syswow64\cmd.exe' del "%WINDIR%\syswow64\control.exe"