Technical Information
- <SYSTEM32>\tasks\firefox default browser agent df03a1733827c88e
- %APPDATA%\vtbuuti
- %TEMP%\92fb.exe
- %APPDATA%\thunderbird\profiles\wjj9aet2.default\cookies.sqlite-shm
- %APPDATA%\vtbuuti
- %APPDATA%\thunderbird\profiles\wjj9aet2.default\cookies.sqlite-shm
- %TEMP%\92fb.exe
- 'ho####ile-host6.com':80
- 'so###ads.net':443
- 'tr##sfer.sh':443
- 'fi######ter-cluster-1.com':80
- 'pf##p.com':443
- http://fi######ter-cluster-1.com/1.exe
- http://ho####ile-host6.com/
- 'so###ads.net':443
- 'tr##sfer.sh':443
- 'pf##p.com':443
- DNS ASK ho####ile-host6.com
- DNS ASK so###ads.net
- DNS ASK tr##sfer.sh
- DNS ASK fi######ter-cluster-1.com
- DNS ASK pf##p.com
- '%TEMP%\92fb.exe'
- '%APPDATA%\vtbuuti'
- '%APPDATA%\vtbuuti' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C choice /C Y /N /D Y /T 0 &Del %TEMP%\92FB.exe
- '<SYSTEM32>\choice.exe' /C Y /N /D Y /T 0
- '<SYSTEM32>\taskeng.exe' {3A2ECC83-448F-4B51-928E-C7D088F8A5FA} S-1-5-21-1960123792-2022915161-3775307078-1001:wdxpbpgyfh\user:Interactive:[1]