Technical Information
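File system paths (section label inferred; the original sub-headings appear to have been lost in extraction). Note that the executables reuse Windows process names (taskhost.exe, explorer.exe, conhost.exe) but sit outside the Windows system directories:
- C:\users\public\pictures\sample pictures\taskhost.exe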
- C:\users\public\pictures\sample pictures\b75386f1303e64
- C:\msocache\all users\system.exe
- C:\msocache\all users\27d1bcfc3c54e0
- <Current directory>\explorer.exe
- <Current directory>\7a0fd90576e088
- C:\recovery\fc7d0508-3f8d-11ed-bf82-c9aa0b5639b5\explorer.exe
- C:\recovery\fc7d0508-3f8d-11ed-bf82-c9aa0b5639b5\7a0fd90576e088
- %HOMEPATH%\my documents\conhost.exe
- %HOMEPATH%\my documents\088424020bedd6
- %TEMP%\fmjxolzype
- %TEMP%\9mrwsewx7i.bat
- nul
- %TEMP%\fmjxolzype
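Network activity (section label inferred). The "##" in the address is masking already present in this report and the URL is truncated ("..."), so neither value can be matched as written:
- '89.##5.84.52':80
- http://89.##5.84.52/4Async/windows/PacketVideo_/GeoPollphp/40/ProtecttrackDownloads/Wordpress4Packet/linux7/protect/ApiprotectBaseWp/temporary8asyncAuth/EternalphpPacketGeoUpdateFlowerdownloads...
- 'localhost':123 (port 123 is NTP; this is likely the local traffic generated by the w32tm.exe /stripchart command listed below, not a remote endpoint)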
Processes and command lines (section label inferred):
- 'C:\msocache\all users\system.exe'
- '%WINDIR%\syswow64\cmd.exe' /C "%TEMP%\9MrWSewx7i.bat" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C "%TEMP%\9MrWSewx7i.bat"
- '%WINDIR%\syswow64\chcp.com' 65001
- '%WINDIR%\syswow64\w32tm.exe' /stripchart /computer:localhost /period:5 /dataonly /samples:2
- '<SYSTEM32>\w32tm.exe' /stripchart /computer:localhost /period:5 /dataonly /samples:2