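Technical Information
The entries below are behavioural indicators recorded for the sample; the section headings that originally grouped them appear to be missing. They cover file-system paths, a network endpoint and URL, and launched processes. The IP address is partially masked with '#' as published, so it cannot be used verbatim in a blocklist or log search. smss.exe, services.exe, explorer.exe and audiodg.exe are names of legitimate Windows binaries; the detection-relevant signal is a copy located in or running from the directories listed here rather than from %WINDIR% or System32.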
- C:\users\public\videos\sample videos\smss.exe
- C:\users\public\videos\sample videos\69ddcba757bf72
- %WINDIR%\downloaded program files\services.exe
- %WINDIR%\downloaded program files\c5b4cb5e9653cc
- %ProgramFiles(x86)%\windows photo viewer\en-us\smss.exe
- %ProgramFiles(x86)%\windows photo viewer\en-us\69ddcba757bf72
- C:\kms\explorer.exe
- C:\kms\7a0fd90576e088
- %ProgramFiles(x86)%\windows portable devices\audiodg.exe
- %ProgramFiles(x86)%\windows portable devices\42af1c969fbb7b
- %TEMP%\5byijhf4l4
- %TEMP%\9ve4dkjkar.bat
- nul
- %TEMP%\5byijhf4l4
- '18#.#04.113.237':80
- http://18#.#04.113.237/Image1/LinuxHttp/_/53secure/PhpLocal/externalRequestlow6/Cdn/Multi3Auth/Vmmultiflower.php
- 'C:\users\public\videos\sample videos\smss.exe'
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\9VE4dKJkAR.bat" (with hidden window)
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\9VE4dKJkAR.bat"
- '<SYSTEM32>\chcp.com' 65001
- '<SYSTEM32>\ping.exe' -n 10 localhost