Technical Information
- <SYSTEM32>\tasks\firefox default browser agent f4d6326349b1d3b0
- %APPDATA%\refwabt
- '%APPDATA%\refwabt'
- '%APPDATA%\refwabt' (with hidden window)
- '<SYSTEM32>\taskeng.exe' {59E39E93-445B-4B53-85F0-A08DE212F1E1} S-1-5-21-1960123792-2022915161-3775307078-1001:ckbclsls\user:Interactive:[1]